generate a random value with unlang?
Hi, in some weird business case, I would like to generate a one-time use token for later consumption in post-auth. So when the user is accepted, trigger an {sql:INSERT randomvalue INTO someplace} The value should be new for every Access-Accept. I wonder how to generate such a random value with unlang. Is there some {%rand} or anything like that? Currently I do it embedded in the INSERT: INSERT ... SHA1(RAND())... INTO someplace but our MySQL admins don't like me doing that. So I'd prefer to do this on FreeRADIUS and send a simple string to the DB. Greetings, Stefan Winter
On Wed, Mar 21, 2012 at 11:07:16AM +0100, Stefan Winter wrote:
The value should be new for every Access-Accept. I wonder how to generate such a random value with unlang. Is there some {%rand} or anything like that?
http://freeradius.org/press/index.html 30 September 2011 - Version 2.1.12 has been released. ... * Added support for %{rand:...}, which generates a uniformly distributed number between 0 and the number you specify. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
On 21/03/12 10:49, Matthew Newton wrote:
On Wed, Mar 21, 2012 at 11:07:16AM +0100, Stefan Winter wrote:
The value should be new for every Access-Accept. I wonder how to generate such a random value with unlang. Is there some {%rand} or anything like that?
http://freeradius.org/press/index.html
30 September 2011 - Version 2.1.12 has been released.
...
* Added support for %{rand:...}, which generates a uniformly distributed number between 0 and the number you specify.
...ah. Obviously, ignore my email then! I must have an old git branch checked-out!
On 21/03/12 10:07, Stefan Winter wrote:
Hi,
in some weird business case, I would like to generate a one-time use token for later consumption in post-auth. So when the user is accepted, trigger an
{sql:INSERT randomvalue INTO someplace}
The value should be new for every Access-Accept. I wonder how to generate such a random value with unlang. Is there some {%rand} or anything like that?
Currently I do it embedded in the INSERT:
INSERT ... SHA1(RAND())... INTO someplace
but our MySQL admins don't like me doing that. So I'd prefer to do this on FreeRADIUS and send a simple string to the DB.
How secure a random value? You could generate a reasonably unique value with something like: update request { My-Random := "%{md5:A-Secret-String/%l/%n/%I}" } There's no built-in xlat for "rand()" but it would be very trivial to add: --- xlat.c 2012-03-21 11:00:51.736371799 +0000 +++ xlat.c~ 2012-01-05 17:06:51.512061373 +0000 @@ -628,17 +628,6 @@ return strlen(out); } -/** - * @brief Return a random integer - * - */ -static size_t xlat_rand(UNUSED void *instance, REQUEST *request, - char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) -{ - snprintf(out, outlen, "%d", fr_rand()); - return strlen(out); -} /** * @brief Convert a string to lowercase @@ -840,11 +829,6 @@ rad_assert(c != NULL); c->internal = TRUE; - xlat_register("rand", xlat_rand, &xlat_inst[0]); - c = xlat_find("rand"); - rad_assert(c != NULL); - c->internal = TRUE; - xlat_register("tolower", xlat_lc, &xlat_inst[0]); c = xlat_find("tolower"); rad_assert(c != NULL);
participants (3)
-
Matthew Newton -
Phil Mayers -
Stefan Winter