From f4d66dd45289b2811fdc445a4a3e8233c0824be3 Mon Sep 17 00:00:00 2001
From: Nigel Kukard <nkukard@lbsd.net>
Date: Mon, 27 Apr 2009 10:04:15 +0000
Subject: [PATCH] * Fixed up config attributes in smradiusd * Added function to
 get attribute values in attributes.pm * Fixed some of the function names for
 attribute operations

---
 smradius/attributes.pm |  38 +++++++---
 smradiusd              | 158 +++--------------------------------------
 2 files changed, 39 insertions(+), 157 deletions(-)

diff --git a/smradius/attributes.pm b/smradius/attributes.pm
index 75a4771a..71995140 100644
--- a/smradius/attributes.pm
+++ b/smradius/attributes.pm
@@ -29,9 +29,11 @@ our (@ISA,@EXPORT);
 @ISA = qw(Exporter);
 @EXPORT = qw(
 	addAttribute
-	checkAttributeAuth
+	checkAuthAttribute
 	getReplyAttribute
-	checkAttributeConfig
+	processConfigAttribute
+	
+	getAttributeValue
 );
 
 
@@ -79,13 +81,13 @@ sub addAttribute
 
 
 
-## @fn checkAttributeAuth($server,$packetAttributes,$attribute)
+## @fn checkAuthAttribute($server,$packetAttributes,$attribute)
 # Function to check an attribute in the authorization stage
 #
 # @param server Server instance
 # @param packetAttributes Hashref of attributes provided, eg. Those from the packet
 # @param attribute Attribute to check, eg. One of the ones from the database
-sub checkAttributeAuth
+sub checkAuthAttribute
 {
 	my ($server,$packetAttributes,$attribute) = @_;
 
@@ -408,13 +410,13 @@ sub getReplyAttribute
 
 
 
-## @fn checkAttributeConfig($server,$packetAttributes,$attribute)
-# Function to check an attribute in the configuration stage
+## @fn processConfigAttribute($server,$packetAttributes,$attribute)
+# Function to process a configuration attribute
 #
 # @param server Server instance
 # @param packetAttributes Hashref of attributes provided, eg. Those from the packet
-# @param attribute Attribute to check, eg. One of the ones from the database
-sub checkAttributeConfig
+# @param attribute Attribute to process, eg. One of the ones from the database
+sub processConfigAttribute
 {
 	my ($server,$configAttributes,$attribute) = @_;
 
@@ -433,7 +435,6 @@ sub checkAttributeConfig
 	$server->log(LOG_DEBUG,"[ATTRIBUTES] Processing CONFIG attribute: '".$attribute->{'Name'}."' ".
 			$attribute->{'Operator'}." '".join("','",@attrValues)."'");
 	
-	# FIXME
 	# Operator: +=
 	#
 	# Use: Attribute += Value
@@ -447,7 +448,6 @@ sub checkAttributeConfig
 		$server->log(LOG_DEBUG,"[ATTRIBUTES] Operator '+=' triggered: Adding item to configuration items.");
 		push(@{$configAttributes->{$attribute->{'Name'}}},@attrValues);
 
-	# FIXME
 	# Operator: :=
 	#
 	# Use: Attribute := Value
@@ -468,8 +468,26 @@ sub checkAttributeConfig
 }
 
 
+## @fn getAttributeValue($attributes,$attrName)
+# Function which will return an attributes value
+#
+# @param attributes Attribute hash
+# @param attrName Attribute name
+#
+# @return Attribute value
+sub getAttributeValue
+{
+	my ($attributes,$attrName) = @_;
+
+	my $value;
 
+	# Set the value to the first item in the array
+	if (defined($attributes->{$attrName})) {
+		($value) = @{$attributes->{$attrName}};
+	}
 
+	return $value;
+}
 
 
 1;
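Review bot: The doc comment on getAttributeValue says only "Attribute value", but the body returns just the first element of the stored array, and returns undef when attrName is not set. The callers in smradiusd pass the result straight to auth_resp as the shared secret, so the undef case matters. I would make the return line say so, e.g. `# @return First value stored for attrName, or undef if the attribute is not set`. The `@{...}` dereference also assumes every stored value is an array reference; that matches the `push` in processConfigAttribute's `+=` branch, but the `:=` branch is not visible here, so the assumption is worth stating on the `@param attributes` line.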
diff --git a/smradiusd b/smradiusd
index e365a6f3..02142ff4 100755
--- a/smradiusd
+++ b/smradiusd
@@ -487,9 +487,7 @@ sub process_request {
 	#
 	# GRAB & PROCESS CONFIG 
 	#
-
-	# Build a list of our attributes in the packet
-	my $configAttributes = {};
+	$user->{'ConfigAttributes'} = {};
 
 	foreach my $module (@{$self->{'plugins'}}) {
 		# Try find config attribute
@@ -507,13 +505,16 @@ sub process_request {
 						# Grab attribute
 						my $attr = $configData->{$attrName}->{$attrOp};
 						# Process attribute
-						my $res = checkAttributeConfig($self,$user->{'ConfigAttributes'},$attr);
+						my $res = processConfigAttribute($self,$user->{'ConfigAttributes'},$attr);
 					}
 				}
 			}
 		}
 	}
 
+	# FIXME - need secret
+	# FIXME - need acl list
+use Data::Dumper; print (STDERR Dumper(getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret")));
 
 	#
 	# START PROCESSING
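Review bot: The added `use Data::Dumper; print (STDERR Dumper(getAttributeValue(...,"SMRadius-Config-Secret")));` line writes the RADIUS shared secret to STDERR for every request that reaches this point, so the secret lands wherever the daemon's stderr is captured. It reads as leftover debugging next to the two FIXME lines and should be removed before merge. If a trace is wanted, log only whether a secret was found, e.g. `$self->log(LOG_DEBUG,"[SMRADIUS] Config secret ".(defined(getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret")) ? "found" : "missing"));`, assuming LOG_DEBUG is available in this file as LOG_WARN is. A `use` inside a sub body is also processed at compile time for the whole file, so its position here is misleading. process_request starts and ends outside this hunk.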
@@ -614,7 +615,7 @@ sub process_request {
 	   	$resp->set_code('Accounting-Response');
 		$resp->set_identifier($pkt->identifier);
 		$resp->set_authenticator($pkt->authenticator);
-		$udp_packet = auth_resp($resp->pack, "test");
+		$udp_packet = auth_resp($resp->pack, getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret"));
 		$server->{'client'}->send($udp_packet);
 
 		my $killConnection = 0;
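Review bot: The secret passed to auth_resp on the changed line can be undef, because getAttributeValue returns undef when no plugin supplied `SMRadius-Config-Secret` and nothing visible between the config loop and this call checks for that. The response authenticator would then presumably be computed over an empty secret instead of the request being refused. Fetch the value once after config processing with `my $secret = getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret");`, bail out with `if (!defined($secret)) { $self->log(LOG_WARN,"[SMRADIUS] No shared secret configured, dropping request"); return; }`, and pass `$secret` to auth_resp. The same call is added in the hunks at -665, -854 and -868, which would use the same `$secret`. process_request extends beyond this hunk.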
@@ -665,7 +666,7 @@ sub process_request {
 		$resp->set_attr('Framed-IP-Address',$pkt->attr('Framed-IP-Address'));
 		$resp->set_attr('NAS-IP-Address',$pkt->attr('NAS-IP-Address'));
 
-		$udp_packet = auth_resp($resp->pack, "test");
+		$udp_packet = auth_resp($resp->pack, getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret"));
 
 		# Create socket to send packet out on
 		my $podServer = "10.254.254.239";
@@ -815,7 +816,7 @@ sub process_request {
 				# Grab attribute
 				my $attr = $user->{'Attributes'}->{$attrName}->{$attrOp};
 				# Check attribute against authorization attributes
-				my $res = checkAttributeAuth($self,$authAttributes,$attr);
+				my $res = checkAuthAttribute($self,$authAttributes,$attr);
 				if ($res == 0) {
 					$authorized = 0;
 					last;
@@ -854,7 +855,7 @@ sub process_request {
 				}
 			}
 
-			$udp_packet = auth_resp($resp->pack, "test");
+			$udp_packet = auth_resp($resp->pack, getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret"));
 			$server->{'client'}->send($udp_packet);
 
 		}
@@ -868,7 +869,7 @@ CHECK_RESULT:
 		 	$resp->set_code('Access-Reject');
 			$resp->set_identifier($pkt->identifier);
 			$resp->set_authenticator($pkt->authenticator);
-			$udp_packet = auth_resp($resp->pack, "test");
+			$udp_packet = auth_resp($resp->pack, getAttributeValue($user->{'ConfigAttributes'},"SMRadius-Config-Secret"));
 			$server->{'client'}->send($udp_packet);
 		}
 
@@ -877,144 +878,7 @@ CHECK_RESULT:
 		$self->log(LOG_WARN,"[SMRADIUS] We cannot handle code: '".$pkt->code."'");
 	}
 
-return;
-#	$pkt->dump;
-#
-#	# PAP
-#	if ((my $rawPassword = $pkt->attr('User-Password'))) {
-#
-#
-#		print(STDERR "RECEIVED\n");
-#		print(STDERR "User-Pass: len = ".length($rawPassword).", hex = ".unpack("H*",$rawPassword)."\n");
-#		print(STDERR "\n\n");
-#
-#		my $result = $pkt->password("test","User-Password");
-#	
-#		print(STDERR "CALC\n");
-#		print(STDERR "Result   : len = ".length($result).", hex = ".unpack("H*",$result).", password = $result\n");
-#
-#	}
-#
-#	# CHAP
-#	if ((my $rawChallenge = $pkt->attr('CHAP-Challenge')) && (my $rawPassword = $pkt->attr('CHAP-Password'))) {
-#		print(STDERR "This is a CHAP challenge....\n");
-#	
-#		print(STDERR "RECEIVED\n");
-#		print(STDERR "Challenge: len = ".length($rawChallenge).", hex = ".unpack("H*",$rawChallenge)."\n");
-#		print(STDERR "Password : len = ".length($rawPassword).", hex = ".unpack("H*",$rawPassword)."\n");
-#		print(STDERR "\n\n");
-#
-#		my $id = substr($rawPassword,0,1);
-#		print(STDERR "ID: ".length($id).", hex = ".unpack("H*",$id)."\n");
-#
-#		my $result = encode_chap($id,$rawChallenge,"mytest");
-#		
-#		print(STDERR "CALC\n");
-#		print(STDERR "Result   : len = ".length($result).", hex = ".unpack("H*",$result)."\n");
-#		print(STDERR "\n\n");
-#	}
-#
-#
-#	# Is this a MSCHAP autehentication attempt?
-#	if ((my $rawChallenge = $pkt->vsattr("311",'MS-CHAP-Challenge'))) {
-#		print(STDERR "This is a MS-CHAP challenge....\n");
-#
-#		# MSCHAPv1
-#		if (my $rawResponse = $pkt->vsattr("311",'MS-CHAP-Response')) {
-#			my $challenge = @{$rawChallenge}[0];
-#			my $response = substr(@{$rawResponse}[0],2);
-#
-#			print(STDERR "RECEIVED\n");
-#			print(STDERR "Challenge: len = ".length($challenge).", hex = ".unpack("H*",$challenge)."\n");
-#			print(STDERR "Reponse  : len = ".length($response).", hex = ".unpack("H*",$response)."\n");
-#			print(STDERR "\n\n");
-#
-#
-#
-#			print(STDERR "CHOPPED OFFF!!\n");
-##			my $peerChallenge = substr($response,0,16);
-#			my $NtResponse = substr($response,24,24);
-##			print(STDERR "Challenge: len = ".length($peerChallenge).", hex = ".unpack("H*",$peerChallenge)."\n");
-#			print(STDERR "NTRespons: len = ".length($NtResponse).", hex = ".unpack("H*",$NtResponse)."\n");
-#			print(STDERR "\n\n");
-#
-#			my $unipass = "mytest";
-#			$unipass =~ s/(.)/$1\0/g; # convert ASCII to unicaode
-#			my $username = "nigel";
-#
-#			print(STDERR "TEST\n");
-##			my $ourChallenge = ChallengeHash($peerChallenge,$challenge,$username);
-#			my $ourResponse = NtChallengeResponse($challenge,$unipass);
-#			print(STDERR "Calculate: len = ".length($ourResponse).", hex = ".unpack("H*",$ourResponse)."\n");
-#			print(STDERR "\n\n");
-#
-#
-#		# MSCHAPv2
-#		} elsif (my $rawResponse = $pkt->vsattr("311",'MS-CHAP2-Response')) {
-#			my $challenge = @{$rawChallenge}[0];
-#			my $response = substr(@{$rawResponse}[0],2);
-#
-#			print(STDERR "RECEIVED\n");
-#			print(STDERR "Challenge: len = ".length($challenge).", hex = ".unpack("H*",$challenge)."\n");
-#			print(STDERR "Reponse  : len = ".length($response).", hex = ".unpack("H*",$response)."\n");
-#			print(STDERR "\n\n");
-#
-#
-#
-#			print(STDERR "CHOPPED OFFF!!\n");
-#			my $peerChallenge = substr($response,0,16);
-#			my $NtRespnse = substr($response,24,24);
-#			print(STDERR "Challenge: len = ".length($peerChallenge).", hex = ".unpack("H*",$peerChallenge)."\n");
-#			print(STDERR "NTRespons: len = ".length($NtRespnse).", hex = ".unpack("H*",$NtRespnse)."\n");
-#			print(STDERR "\n\n");
-#
-#			my $unipass = "mytest";
-#			$unipass =~ s/(.)/$1\0/g; # convert ASCII to unicaode
-#			my $username = "nigel";
-#
-#			print(STDERR "TEST\n");
-#			my $ourChallenge = ChallengeHash($peerChallenge,$challenge,$username);
-#			my $ourResponse = NtChallengeResponse($ourChallenge,$unipass);
-#			print(STDERR "Calculate: len = ".length($ourResponse).", hex = ".unpack("H*",$ourResponse)."\n");
-#			print(STDERR "\n\n");
-#
-#
-#
-#		}
-#	}
-#
-#
-#
-##	printf("GOT PACKET: user = %s/%s, nas-ip = %s, nas-port-type = %s, nas-port = %s, connect-info = %s, service-type = %s\n",
-##		$pkt->attr('User-Name'), $pkt->password('test'),
-##		$pkt->attr('NAS-IP-Address'),
-##		$pkt->attr('NAS-Port-Type'),
-##		$pkt->attr('NAS-Port'),
-##		$pkt->attr('Connect-Info'),
-##		$pkt->attr('Service-Type')
-##	);
-#
-#
-#	if ($pkt->code eq "Accounting-Request") {
-#		my $resp = Radius::Packet->new($self->{'config'}->{'dictionary'});
-#		$resp->set_code('Accounting-Response');
-#		$resp->set_identifier($pkt->identifier);
-#		$resp->set_authenticator($pkt->authenticator);
-#		$udp_packet = auth_resp($resp->pack, "test");
-#		$server->{'client'}->send($udp_packet);
-#
-#
-#	} elsif ($pkt->code eq "Access-Request") {
-#		my $resp = Radius::Packet->new($self->{'config'}->{'dictionary'});
-#    	$resp->set_code('Access-Accept');
-#	    $resp->set_identifier($pkt->identifier);
-#	    $resp->set_authenticator($pkt->authenticator);
-#	    $resp->set_attr('Framed-IP-Address' => "192.168.0.233");
-#		$udp_packet = auth_resp($resp->pack, "test");
-#		$server->{'client'}->send($udp_packet);
-#	}
-#
-
+	return;
 }
 
 
-- 
GitLab