Hi, I need to check an environmental varible with an external script. For example to capture Calling-Station-Id and check it in an external database using a perl script # ../users : . DEFAULT Auth-Type = None Exec-Program-Wait = "/root/check.pl %i", Reply-Message := "Valid Caller-Id, access granted -> %{Calling-station-Id}", Fall-Through = Yes : . How could I call this ENV variable in my perl script ("/root/check.pl) ? I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax. Thanks in advance. rsg
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script. Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql; $Check = $CALLING_STATION_ID; print STDERR "\t: $Check\n"; $db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n"; if($chk eq 'n'){ exit 255; } -------------------------------------------------- But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id. And the Sql check obviously gives "n". P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail. Thanks for your help, On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You still need to grab the value of that environment variable properly. Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}. Regards, Emilio -----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script. Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql; $Check = $CALLING_STATION_ID; print STDERR "\t: $Check\n"; $db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n"; if($chk eq 'n'){ exit 255; } -------------------------------------------------- But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id. And the Sql check obviously gives "n". P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail. Thanks for your help, On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks so much Emilio, Here's the working script: #!/usr/bin/perl -w use Mysql; $Check = $ENV{"CALLING_STATION_ID"}; $db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId =$Check order by Id limit 1),'y','n')"); ($Callerid_check)= $status->FetchRow(); if($Callerid_check eq 'n'){ exit 255; } regards, rsg. On Fri, Mar 7, 2008 at 4:47 PM, Escobar, Emilio <emilio.escobar@hp.com> wrote:
You still need to grab the value of that environment variable properly. Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}.
Regards,
Emilio
-----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, While bypassing password Authentication based on the Calling-Station-Id, is there a way to still the Authentication to be handled by rlm_pap and rlm_chap ? When "Exec-Program-Wait" is used, PAP/CHAP based authentication can still be performed by an external perl script. But that is not what I want to do. I want the rlm modules(PAP/CHAP) to handle the normal authentication while bypassing them only for selected caller-ids. Please advise. Regards, rg. On Fri, Mar 7, 2008 at 5:47 PM, Escobar, Emilio <emilio.escobar@hp.com> wrote:
You still need to grab the value of that environment variable properly. Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}.
Regards,
Emilio
-----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
DEFAULT Calling-Station_Id == whatever, Auth-Type := Accept Put that in users file. You don't need exec program. Ivan Kalik Kalik Informatika ISP Dana 4/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
While bypassing password Authentication based on the Calling-Station-Id, is there a way to still the Authentication to be handled by rlm_pap and rlm_chap ?
When "Exec-Program-Wait" is used, PAP/CHAP based authentication can still be performed by an external perl script. But that is not what I want to do.
I want the rlm modules(PAP/CHAP) to handle the normal authentication while bypassing them only for selected caller-ids.
Please advise.
Regards, rg.
On Fri, Mar 7, 2008 at 5:47 PM, Escobar, Emilio <emilio.escobar@hp.com> wrote:
You still need to grab the value of that environment variable properly. Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}.
Regards,
Emilio
-----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, It's not just one Calling-Station-Id..You have many and Exec program checks for it in an SQL DB.. 2008/4/4 Ivan Kalik <tnt@kalik.net>:
DEFAULT Calling-Station_Id == whatever, Auth-Type := Accept
Put that in users file. You don't need exec program.
Ivan Kalik Kalik Informatika ISP
Dana 4/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
While bypassing password Authentication based on the Calling-Station-Id, is there a way to still the Authentication to be handled by rlm_pap and rlm_chap ?
When "Exec-Program-Wait" is used, PAP/CHAP based authentication can still be performed by an external perl script. But that is not what I want to do.
I want the rlm modules(PAP/CHAP) to handle the normal authentication while bypassing them only for selected caller-ids.
Please advise.
Regards, rg.
On Fri, Mar 7, 2008 at 5:47 PM, Escobar, Emilio <emilio.escobar@hp.com> wrote:
You still need to grab the value of that environment variable properly. Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}.
Regards,
Emilio
-----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Should't you be using rlm_perl rather than exec? Set Auth-Type Accept in those cases and place perl before chap in authorize. Ivan Kalik Kalik Informatika ISP Dana 5/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
It's not just one Calling-Station-Id..You have many and Exec program checks for it in an SQL DB..
2008/4/4 Ivan Kalik <tnt@kalik.net>:
DEFAULT Calling-Station_Id == whatever, Auth-Type := Accept
Put that in users file. You don't need exec program.
Ivan Kalik Kalik Informatika ISP
Dana 4/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
While bypassing password Authentication based on the Calling-Station-Id, is there a way to still the Authentication to be handled by rlm_pap and rlm_chap ?
When "Exec-Program-Wait" is used, PAP/CHAP based authentication can still be performed by an external perl script. But that is not what I want to do.
I want the rlm modules(PAP/CHAP) to handle the normal authentication while bypassing them only for selected caller-ids.
Please advise.
Regards, rg.
On Fri, Mar 7, 2008 at 5:47 PM, Escobar, Emilio <emilio.escobar@hp.com> wrote:
You still need to grab the value of that environment variable properly Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}.
Regards,
Emilio
-----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, Isn't the functionality same whether it is rlm_perl or "Exec-Program-Wait"? I find the following in ../experimental.conf. //This is very similar to using # Exec-Program-Wait = "/path/foo.pl", but it is persistent, # and therefore faster. // With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ? 2008/4/6 Ivan Kalik <tnt@kalik.net>:
Should't you be using rlm_perl rather than exec? Set Auth-Type Accept in those cases and place perl before chap in authorize.
Ivan Kalik Kalik Informatika ISP
Dana 5/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
It's not just one Calling-Station-Id..You have many and Exec program checks for it in an SQL DB..
2008/4/4 Ivan Kalik <tnt@kalik.net>:
DEFAULT Calling-Station_Id == whatever, Auth-Type := Accept
Put that in users file. You don't need exec program.
Ivan Kalik Kalik Informatika ISP
Dana 4/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
While bypassing password Authentication based on the Calling-Station-Id, is there a way to still the Authentication to be handled by rlm_pap and rlm_chap ?
When "Exec-Program-Wait" is used, PAP/CHAP based authentication can still be performed by an external perl script. But that is not what I want to do.
I want the rlm modules(PAP/CHAP) to handle the normal authentication while bypassing them only for selected caller-ids.
Please advise.
Regards, rg.
On Fri, Mar 7, 2008 at 5:47 PM, Escobar, Emilio <emilio.escobar@hp.com> wrote:
You still need to grab the value of that environment variable properly Perl uses the $ENV hash list to store all the environment variables. So for example you'd have to use, $ENV{"CALLING_STATION_ID"}.
Regards,
Emilio
-----Original Message----- From: freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com@lists.freeradius.org] On Behalf Of rsg Sent: Friday, March 07, 2008 10:37 AM To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote: > I unsuccessfully attempted the options given by ../docs/variables.txt. > Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ?
Easier: http://wiki.freeradius.org/Rlm_perl Ivan Kalik Kalik Informatika ISP
Hi, Thanks a lot for the suggestion. I have a few more queries with regard to rlm_perl integration. When this module is used for Calling-Station-Id based auth, would it be independent of whether it is CHAP or PAP. I tried with ../users DEFAULT Auth-Type = perl Fall-Through = 1 : : And the rlm_perl for Authentication and Authorization Observations: 1) When a "CHAP-Password" is received the perl script used does not authenticate as it calls the CHAP module 2) When a "User-Password" is received the user authentication is successful. Here's the test perl script that I've tried with. ------------------- use warnings; use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK); use Data::Dumper; use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */ # Function to handle authenticate sub authenticate { if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") { $RAD_REPLY{'Reply-Message'} = "OK --------->"; return RLM_MODULE_OK; }else { return RLM_MODULE_NOTFOUND; } } # Function to handle authorize sub authorize { if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") { return RLM_MODULE_OK; }else { return RLM_MODULE_FAIL; } } ------------------------------------------------------------------ Could you advise how could I tackle this issue to bypass CHAP/PAP status when CallerId is allowed ? Thanks, rg On Tue, Apr 8, 2008 at 7:57 PM, Ivan Kalik <tnt@kalik.net> wrote:
With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ?
Easier:
http://wiki.freeradius.org/Rlm_perl
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What freeradius version? I don't think that you can bypass chap in 1.1.x but it can be done in 2.0 with unlang. pap is listed last, so it will be bypassed in both versions. Ivan Kalik Kalik Informatika ISP Dana 9/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
Thanks a lot for the suggestion. I have a few more queries with regard to rlm_perl integration.
When this module is used for Calling-Station-Id based auth, would it be independent of whether it is CHAP or PAP.
I tried with
.../users
DEFAULT Auth-Type = perl Fall-Through = 1 : :
And the rlm_perl for Authentication and Authorization
Observations:
1) When a "CHAP-Password" is received the perl script used does not authenticate as it calls the CHAP module 2) When a "User-Password" is received the user authentication is successful.
Here's the test perl script that I've tried with.
------------------- use warnings; use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK); use Data::Dumper;
use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */
# Function to handle authenticate sub authenticate { if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") { $RAD_REPLY{'Reply-Message'} = "OK --------->"; return RLM_MODULE_OK; }else { return RLM_MODULE_NOTFOUND; } }
# Function to handle authorize sub authorize {
if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") {
return RLM_MODULE_OK;
}else {
return RLM_MODULE_FAIL; } }
------------------------------------------------------------------
Could you advise how could I tackle this issue to bypass CHAP/PAP status when CallerId is allowed ?
Thanks, rg
On Tue, Apr 8, 2008 at 7:57 PM, Ivan Kalik <tnt@kalik.net> wrote:
With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ?
Easier:
http://wiki.freeradius.org/Rlm_perl
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, it's 1.1.7 If this cannot bypass CHAP, will have to do it using the same perl script then. My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with, --------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"); ($callerid)=$status->FetchRow(); : : --------- it gives no CallerId leading to $status = "n". Is '$RAD_REQUEST{/'Calling-Station-Id'/}' correct ? Thanks, rg 2008/4/9 Ivan Kalik <tnt@kalik.net>:
What freeradius version? I don't think that you can bypass chap in 1.1.x but it can be done in 2.0 with unlang. pap is listed last, so it will be bypassed in both versions.
Ivan Kalik Kalik Informatika ISP
Dana 9/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
Thanks a lot for the suggestion. I have a few more queries with regard to rlm_perl integration.
When this module is used for Calling-Station-Id based auth, would it be independent of whether it is CHAP or PAP.
I tried with
.../users
DEFAULT Auth-Type = perl Fall-Through = 1 : :
And the rlm_perl for Authentication and Authorization
Observations:
1) When a "CHAP-Password" is received the perl script used does not authenticate as it calls the CHAP module 2) When a "User-Password" is received the user authentication is successful.
Here's the test perl script that I've tried with.
------------------- use warnings; use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK); use Data::Dumper;
use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */
# Function to handle authenticate sub authenticate { if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") { $RAD_REPLY{'Reply-Message'} = "OK --------->"; return RLM_MODULE_OK; }else { return RLM_MODULE_NOTFOUND; } }
# Function to handle authorize sub authorize {
if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") {
return RLM_MODULE_OK;
}else {
return RLM_MODULE_FAIL; } }
------------------------------------------------------------------
Could you advise how could I tackle this issue to bypass CHAP/PAP status when CallerId is allowed ?
Thanks, rg
On Tue, Apr 8, 2008 at 7:57 PM, Ivan Kalik <tnt@kalik.net> wrote:
With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ?
Easier:
http://wiki.freeradius.org/Rlm_perl
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You need to concatenate the value of the $RAD_REQUEST variable into the query. It's plain text like this. Ivan Kalik Kalik Informatika ISP -----Original Message----- From: freeradius-users-bounces+tnt=kalik.net@lists.freeradius.org [mailto:freeradius-users-bounces+tnt=kalik.net@lists.freeradius.org] On Behalf Of rsg Sent: 09 April 2008 17:24 To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts Hi, it's 1.1.7 If this cannot bypass CHAP, will have to do it using the same perl script then. My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with, --------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"); ($callerid)=$status->FetchRow(); : : --------- it gives no CallerId leading to $status = "n". Is '$RAD_REQUEST{/'Calling-Station-Id'/}' correct ? Thanks, rg 2008/4/9 Ivan Kalik <tnt@kalik.net>:
What freeradius version? I don't think that you can bypass chap in 1.1.x but it can be done in 2.0 with unlang. pap is listed last, so it will be bypassed in both versions.
Ivan Kalik Kalik Informatika ISP
Dana 9/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
Thanks a lot for the suggestion. I have a few more queries with regard >to rlm_perl integration. > When this module is used for Calling-Station-Id based auth, would it be independent of whether it is CHAP or PAP.
I tried with
.../users
DEFAULT Auth-Type = perl Fall-Through = 1 : :
And the rlm_perl for Authentication and Authorization
Observations:
1) When a "CHAP-Password" is received the perl script used does not authenticate as it calls the CHAP module 2) When a "User-Password" is received the user authentication is successful.
Here's the test perl script that I've tried with.
------------------- use warnings; use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK); use Data::Dumper;
use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */
# Function to handle authenticate sub authenticate { if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") { $RAD_REPLY{'Reply-Message'} = "OK --------->"; return RLM_MODULE_OK; }else { return RLM_MODULE_NOTFOUND; } }
# Function to handle authorize sub authorize {
if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") {
return RLM_MODULE_OK;
}else {
return RLM_MODULE_FAIL; } }
------------------------------------------------------------------
Could you advise how could I tackle this issue to bypass CHAP/PAP status when CallerId is allowed ?
Thanks, rg
On Tue, Apr 8, 2008 at 7:57 PM, Ivan Kalik <tnt@kalik.net> wrote:
With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ?
Easier:
http://wiki.freeradius.org/Rlm_perl
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.10/1366 - Release Date: 2008-04-08 17:03
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong $RAD_REQUEST{\'Calling-Station-Id\'} personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-) alan
Hi, I attempted setting it to a local variable as well. Result was the same. Thanks so much for your suggestions & guidance. It's really appreciated. On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way $myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well $yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work $status = $db->Mysql::query($myquery); Ivan Kalik Kalik Informatika ISP Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time. rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match. With RAD_REQUEST if Calling-Station-Id is found Password authentication could be bypassed. If not found how to hand the process into a different module e.g. PAP or CHAP? Is it possible to achieve this with rlm_perl? Also could it be possible to go to a deeper level like user credential checking? E.g. to check on a particular user profile and perform IP allocation,etc? And this should come after the Calling-station-id check. Thanks once again for your valuable thoughts. rg. 2008/4/10 Ivan Kalik <tnt@kalik.net>:
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You use unlang for that. Read man unlang. Ivan Kalik Kalik Informatika ISP Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time.
rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.
With RAD_REQUEST if Calling-Station-Id is found Password authentication could be bypassed.
If not found how to hand the process into a different module e.g. PAP or CHAP?
Is it possible to achieve this with rlm_perl?
Also could it be possible to go to a deeper level like user credential checking? E.g. to check on a particular user profile and perform IP allocation,etc? And this should come after the Calling-station-id check.
Thanks once again for your valuable thoughts.
rg.
2008/4/10 Ivan Kalik <tnt@kalik.net>:
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Could unlang be used check Calling-station-Id for instance, from an SQL backend? 2008/4/10 Ivan Kalik <tnt@kalik.net>:
You use unlang for that. Read man unlang.
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time.
rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.
With RAD_REQUEST if Calling-Station-Id is found Password authentication could be bypassed.
If not found how to hand the process into a different module e.g. PAP or CHAP?
Is it possible to achieve this with rlm_perl?
Also could it be possible to go to a deeper level like user credential checking? E.g. to check on a particular user profile and perform IP allocation,etc? And this should come after the Calling-station-id check.
Thanks once again for your valuable thoughts.
rg.
2008/4/10 Ivan Kalik <tnt@kalik.net>:
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry, I guess it should be in the following format %{sql:SELECT ... However as of now lengthy query won't be supported?? 2008/4/16 rsg <ranil.santhish@gmail.com>:
Could unlang be used check Calling-station-Id for instance, from an SQL backend?
2008/4/10 Ivan Kalik <tnt@kalik.net>:
You use unlang for that. Read man unlang.
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time.
rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.
With RAD_REQUEST if Calling-Station-Id is found Password authentication could be bypassed.
If not found how to hand the process into a different module e.g. PAP or CHAP?
Is it possible to achieve this with rlm_perl?
Also could it be possible to go to a deeper level like user credential checking? E.g. to check on a particular user profile and perform IP allocation,etc? And this should come after the Calling-station-id check.
Thanks once again for your valuable thoughts.
rg.
2008/4/10 Ivan Kalik <tnt@kalik.net>:
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
> My next query is when I tried to retrieve the CallerId from a Mysql DB > using the same perl script with, > > --------- > use Mysql; > : > : > $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM > auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No. Use it to bypass chap. http://www.freeradius.org/radiusd/man/unlang.html Ivan Kalik Kalik Informatika ISP Dana 16/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Could unlang be used check Calling-station-Id for instance, from an SQL backend?
2008/4/10 Ivan Kalik <tnt@kalik.net>:
You use unlang for that. Read man unlang.
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time.
rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.
With RAD_REQUEST if Calling-Station-Id is found Password authentication could be bypassed.
If not found how to hand the process into a different module e.g. PAP or CHAP?
Is it possible to achieve this with rlm_perl?
Also could it be possible to go to a deeper level like user credential checking? E.g. to check on a particular user profile and perform IP allocation,etc? And this should come after the Calling-station-id check.
Thanks once again for your valuable thoughts.
rg.
2008/4/10 Ivan Kalik <tnt@kalik.net>:
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
> My next query is when I tried to retrieve the CallerId from a Mysql DB > using the same perl script with, > > --------- > use Mysql; > : > : > $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM > auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes, that works well. Many thanks. In fact by changing the logic slightly you can achieve the required functionality fairly easily. e.g. changing the UserID/Password upon radius_request such that corresponding policies can be applied based on the modified UserName. rg. 2008/4/16 Ivan Kalik <tnt@kalik.net>:
No. Use it to bypass chap.
http://www.freeradius.org/radiusd/man/unlang.html
Ivan Kalik Kalik Informatika ISP
Dana 16/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Could unlang be used check Calling-station-Id for instance, from an SQL backend?
2008/4/10 Ivan Kalik <tnt@kalik.net>:
You use unlang for that. Read man unlang.
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time.
rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.
With RAD_REQUEST if Calling-Station-Id is found Password authentication could be bypassed.
If not found how to hand the process into a different module e.g. PAP or CHAP?
Is it possible to achieve this with rlm_perl?
Also could it be possible to go to a deeper level like user credential checking? E.g. to check on a particular user profile and perform IP allocation,etc? And this should come after the Calling-station-id check.
Thanks once again for your valuable thoughts.
rg.
2008/4/10 Ivan Kalik <tnt@kalik.net>:
$myvalue = $RAD_REQUEST{'Calling-Station-Id'}; # Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='" . $myvalue . "'),'y','n')"; # Now print or check in some other way the query to see if it is joined well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"; # And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
I attempted setting it to a local variable as well.
Result was the same.
Thanks so much for your suggestions & guidance. It's really appreciated.
On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote: > Hi, > > > > My next query is when I tried to retrieve the CallerId from a Mysql DB > > using the same perl script with, > > > > --------- > > use Mysql; > > : > > : > > $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM > > auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"); > > your escape characters are wrong > > $RAD_REQUEST{\'Calling-Station-Id\'} > > personally, i would set the value into a local variable and do some > sanity checking to ensure it'll not screw up the SQL... a nasty > person could do something trivial like set their Calling station id > to "'; drop all from users" :-) > > alan > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Hi,
After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time.
rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.
generally you'd do the 'ok = return' thing - just like EAP etc. alan
Here' what I see in my debug log. Access Reject because of exit status 255 in Exec-Program-Wait and as I said nothing corresponding to the read variable i.e Calling-Station-Id. --------------------------------------------------------------------------------------------------------------------------------------------- Fri Mar 7 16:38:39 2008 : Debug: rad_check_password: Found Auth-Type None Fri Mar 7 16:38:39 2008 : Debug: rad_check_password: Auth-Type = Accept, accepting the user Fri Mar 7 16:38:39 2008 : Debug: radius_xlat: '4444444444' : : n !!!!!!!!!!!!! THIS IS WHAT I MEANT( status "n" for SQL check) !!!!!!! Fri Mar 7 16:38:39 2008 : Debug: Exec-Program output: Fri Mar 7 16:38:39 2008 : Debug: Exec-Program: returned: 255 Fri Mar 7 16:38:39 2008 : Debug: Delaying request 0 for 1 seconds Fri Mar 7 16:38:39 2008 : Debug: Finished request 0 : Fri Mar 7 16:38:39 2008 : Debug: Going to the next request - Sending Access-Reject of id 63 to 10.1.1.1 port 1828 Reply-Message := "Valid Caller-Id, access granted -> 4444444444" --------------------------------------------------------------------------------------------------------------- On Fri, Mar 7, 2008 at 4:37 PM, rsg <ranil.santhish@gmail.com> wrote:
Well.. What I meant was I actually would like to call an environmental variable as a variable in my simple perl script.
Following "Attributes as environment variables in executed programs" in variables.txt for instance I tried the below. --------------------------------------- #!/usr/bin/perl -w use Mysql;
$Check = $CALLING_STATION_ID;
print STDERR "\t: $Check\n";
$db = Mysql->connect("localhost","radius","root",""); $status = $db->Mysql::query("select if((select CallingStationId from radcheck where CallingStationId='$Check' order by Id limit 1),'y','n')"); ($chk)= $status->FetchRow(); print STDERR "\t: $chk\n";
if($chk eq 'n'){ exit 255; } --------------------------------------------------
But I see nothing for the -> print STDERR "\t: $Check\n"; which should ideally give the Calling-Station-Id.
And the Sql check obviously gives "n".
P.S. In the context, I have nothing that I cannot share with you. So my apologies if I sounded so, in my previous mail.
Thanks for your help,
On Fri, Mar 7, 2008 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
rsg wrote:
I unsuccessfully attempted the options given by ../docs/variables.txt. Please help with the correct syntax.
Q: I won't tell you what I did, or what happened when I did it, but I need to know why it doesn't work.
A: Damned if I know.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rsg wrote:
$Check = $CALLING_STATION_ID;
Read the Perl documentation.
print STDERR "\t: $Check\n";
Don't do this. Executed programs should print to STDOUT. They should NOT print to STDERR.
$db = Mysql->connect("localhost","radius","root",""); ... print STDERR "\t: $chk\n"; ... And the Sql check obviously gives "n".
Which gets printed to STDERR, just like you wanted. Alan DeKok.
On Fri, Mar 7, 2008 at 5:22 PM, Alan DeKok <aland@deployingradius.com> wrote:
Read the Perl documentation.
Thanks for the advice.
print STDERR "\t: $Check\n";
Don't do this. Executed programs should print to STDOUT. They should NOT print to STDERR.
Would like to know why? Thanks in advance for the explanation. Radius Debug Log when printed to STDERR: Fri Mar 7 17:35:48 2008 : Debug: rad_check_password: Found Auth-Type None Fri Mar 7 17:35:48 2008 : Debug: rad_check_password: Auth-Type = Accept, accepting the user Fri Mar 7 17:35:48 2008 : Debug: radius_xlat: '4444444444' : "4444444444" : y Fri Mar 7 17:35:49 2008 : Debug: Exec-Program output: Fri Mar 7 17:35:49 2008 : Debug: Exec-Program: returned: 0 Radius Deboug log when printed to STDOUT: Fri Mar 7 17:42:10 2008 : Debug: rad_check_password: Auth-Type = Accept, accepting the user Fri Mar 7 17:42:10 2008 : Debug: radius_xlat: '4444444444' Fri Mar 7 17:42:10 2008 : Debug: Exec-Program output: ?: "4444444444" ?: y Fri Mar 7 17:42:10 2008 : Debug: Exec-Program-Wait: plaintext: ?: "4444444444" ?: y Fri Mar 7 17:42:10 2008 : Debug: Exec-Program: returned: 0
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Escobar, Emilio -
Ivan Kalik -
rsg