Dear Friends,
I am modifed the script we were discussing, to perform COA and assign new bandwidth (speed2) ,to the user who exceeds allocated quota (maxquota) . I have already tested COA manually via radpwtst command, it was successful and was acknowledged by the NAS. I want the below perl script to perform COA ,when certain conditions are met. I have the following question, for which i would really appreciate your guidance and advice.

1. Can you  check if the COA part in the below script is configured the
   right way ,advice me if there is anything extra that needs to be added .
2. I also require to get ($Radius::Radius::?  dictionary definitions
   of) Acct-Session-Id and Framed-IP-Address from the Accounting packet
   just like how it is done for User-Name (my
   $username=$p->getAttrByNum($Radius::Radius::USER_NAME); please
   provide me with the similar script line for Acct-Session-Id and
   Framed-IP-Address like
   my $acctsessionid= $p->getAttrByNum($Radius::Radius::___________)
   and my $framedipaddress =
   $p->getAttrByNum($Radius::Radius::____________).
3. Please check if the below hook file as a whole and kindly see &
   advice if it meets the requirements for the COA.

Script
-------------------------------------------------------------------------
#! /usr/bin/perl -w
use strict;
use warnings;
use diagnostics;

sub {

# OBJECT REF

        my $p = ${$_[0]};
        my $r = ${$_[1]};

# RETURN VOID

        return unless ($p->code() eq 'Accounting-Request')
                                && (${$_[2]} == $main::ACCEPT);

        my $handler             = $p->{Handler};

        my $identifier          = $handler->{thomas};

&main::log($main::LOG_DEBUG, "Running PostAuthHook: Using Identifier
$identifier");

        my $username            =
$p->getAttrByNum($Radius::Radius::USER_NAME);


        my $sess_handle         = Radius::SessGeneric::find($identifier);

        my $query               = undef;


&main::log($main::LOG_DEBUG, "Running PostAuthHook sql query check for :
$username");

$query = "select username from quotasubscribers where switched = 0 and type = 'Q' and monthlycounter >= maxquota ";
                my $sth = $sess_handle->prepareAndExecute($query);
                my @row = $sess_handle->getOneRow($sth);
                $sth->finish;
                my $db_user_name = $row[0];



if ( $db_user_name eq  $username )
{ &main::log($main::LOG_DEBUG, "Running PostAuthHook sql query check for speed2 ,the speed assigned after user exceeds allocated qouta");

$query = "select speed2 from quotasubscribers where switched = 0 and type = 'Q' and monthlycounter >= maxquota ";
                my $sth = $sess_handle->prepareAndExecute($query);
                my @row = $sess_handle->getOneRow($sth);
                $sth->finish;
                my $speed2 = $row[0];

    main::log($main::LOG_DEBUG, 'Starting COA execution '); \

    my $user_name = $p->get_attr('User-Name'); \
my $sess_id = $p->get_attr('Acct-Session-Id'); \ # ########This is where i require the Radius::Radius::_____ definition my $framed_ipaddress = $p->get_attr('Framed-IP-Address'); \ # ######## This is where i require the Radius::Radius::_____ definition

my @coa_attrs = ("User-Name=$user_name", "Acct-Session-Id=$sess_id", "Framed-IP-Address=$framed_ipaddress", "cisco-Policy-Up=$speed2", "cisco-Policy-Down=$speed2);\

push @cmd_args, ("-trace", "4", "-bind_address", "0.0.0.0", "-auth_port", "3799", "-secret", "XXXXX", "-s", "10.20.1.25"); \

          my @cmd = ("perl", "radpwtst"); \

main::log($main::LOG_DEBUG, "Running command: @cmd @cmd_args @coa_attrs"); \

          system (@cmd, @cmd_args, @coa_attrs); \





&main::log($main::LOG_DEBUG, "The user $db_user_name has exceeded allocated quota and is been limited to $speed2");

}else

&main::log($main::LOG_DEBUG, "The user $username either has not yet exceeded allocated quota or isnt a quota based user");


}
-------------------------------------------------------------------


Requesting your kind help & coooperation,

Thomas Kurian
IT Security Engineer (B.Tech. – Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E:tho...@kccg.com

On 3/30/2013 11:37 AM, Heikki Vatiainen wrote:
On 03/29/2013 07:29 PM, Thomas Kurian wrote:

I appended the additional config lines you sent me in your reply. But i
still did not get the required result. I have included the error logged
in the log file. Please advice me on how to resolve this error based on
the updated script.
Here $self is undefined. See the line where you have $self=undef;
  my @row = $self->getOneRow($sth);

you could try this:
  my @row = $sess_handle->getOneRow($sth);

I also commented out some config lines  in the script file, can you
please check if these are just unwanted statements which is not required
for my purpose with the hook.
I see a couple of lines related to generating random numbers. All I can
say is they seem not to be used by your script.

I just want to check if the user crossed his allocated quota , if yes
then i need to call the web link containing username.

Also i could not find any prepared statements or quote() to get
User-Name from a SQL query in the sqlDb.pm file . Can you please point
out these prepared statements from the file.
Instead of doing this:

  my $username = "whatever";
  my $query = "select something from users where username='$username'";
  prepareAndExecute($query);

You can keep the $query constant and call it with the variables like this:

  my $username = "whatever";
  my @bind_variables;
  push @bind_variables, $username;
  my $query = "select something from users where username=?";
  prepareAndExecute($query, @bind_variables);

In this way the query can be processed only once by the SQL layer and
executed multiple times with the different contents of bind_variables.

See section "5.4 Bind Variables" in the reference manual for more.


Also tell me the syntax for adding additional log() calls._
You already call main::log once. Just add more of these to keep track
what your hook is doing. That will help with development.

Thanks,
Heikki


error log_
Thu Mar 28 09:36:40 2013: DEBUG: AuthBy SQL result: ACCEPT,
Thu Mar 28 09:36:40 2013: DEBUG: Running PostAuthHook: Using Identifier

Thu Mar 28 09:36:40 2013: DEBUG: Query to 'dbi:ODBC:IRONMAN': 'select
username from quotasubscribers where switched = 0 and type = 'Q' and
monthlycounter >= maxquota '$
Thu Mar 28 09:36:40 2013: ERR: Error in PostAuthHook(): Can't call
method "getOneRow" on an undefined value at (eval 53) line 50.
_
__Updated Script_
#! /usr/bin/perl -w
use strict;
use warnings;
use diagnostics;
use URI::Escape ('uri_escape');
require LWP::UserAgent;
sub {

# OBJECT REF

         my $p = ${$_[0]};
         my $r = ${$_[1]};

# RETURN VOID

         return unless ($p->code() eq 'Accounting-Request')
                                 && (${$_[2]} == $main::ACCEPT);

         my $handler             = $p->{Handler};

         my $identifier          = $handler->{thomas};

         &main::log($main::LOG_DEBUG, "Running PostAuthHook: Using Identifier
$identifier");

         my $username            =
$p->getAttrByNum($Radius::Radius::USER_NAME);


         my $sess_handle         = Radius::SessGeneric::find($identifier);

         my $query               = undef;
         my $self                = undef;

         #my $rt                  = $p->{RecvTime};

        # my $lower               = 1000;

       #  my $upper               = 2000000;

        # my $random              = int(rand( $upper-$lower+1 ) ) + $lower;

         #my $reallyrandom        = $random.$rt;


                 $query  = "select username from quotasubscribers where
switched = 0 and type = 'Q' and monthlycounter >= maxquota ";
                 my $sth = $sess_handle->prepareAndExecute($query);
                 my @row = $self->getOneRow($sth);
                 $sth->finish;
                 my $db_user_name = $row[0];

my $ua = LWP::UserAgent->new;
if ( $db_user_name eq  $username )
{my $response = $ua->get('http://94.187.187.8:880/changespeed.aspx?uname=' .
   uri_escape($username) .
   '&pwd=peter'
);
         if ($response->is_success)
         {
          print $response->content; # or whatever
         }
         else
         {
          die $response->status_line;
         }
}

}


--
Requesting your kind help & cooperation ,

Thomas Kurian
IT Security Engineer (B.Tech. – Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E:tho...@kccg.com








_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to