Re: adding Client-Short-Name attribute
* From: Guy Fraser
* Subject: Re: adding Client-Short-Name attribute
* Date: Mon, 01 Dec 2003 10:21:46 -0800

Here is a script I wrote in perl to process the clients.conf file and output a comma separated variable list. This can be used to import the clients.conf into a database if you are using one. Then the shortname doesn't need to take up an attribute, since it can be joined in.

I am afraid I do not understand.

My goal was to be able to group diverse clients and treat them all the same in the users file based upon a regex match. So for instance, when my users login with provider X ports, and provider X has Y radius servers, I can now put a default entry in to match on a value I control. That way I can use the same usernames/realmnames across multiple providers and still treat them differently, again based upon information that I control, the client's shortname.

When/If provider X changes NAS-Identifier, nothing breaks here. When/If provider changes radius server addresses, or hostnames, it is still one edit in my files.

Maybe I am missing something?

Joe

Joe Maimon wrote:

Hello all,

I am looking into adding the attribute client-short-name to be treated much as client-ip-address is in rlm_preprocess. However there seem to be two ways of going about obtaining the information.

1) Look up the client name based on the request->packet->src_ipaddr
2) Modify the request structure to store the client.

Any suggestions?

Thanks,
Joe

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: adding Client-Short-Name attribute
%$^&$* I forgot the stupid file :-[ . Here it is.

#!/usr/bin/perl
#
# Convert clients.conf into CSV, one row per client.
# The output contains each client's shared secret in clear text,
# so treat the resulting file as carefully as clients.conf itself.
$|=1;

$clients=shift||'/usr/local/etc/raddb/clients.conf';

# Customize for your default domain
$domain='incentre.net';

printf("client,secret,shortname,clienttype,login,password\n");

# Three-argument open, so the file name is never interpreted as a mode or pipe.
open(CLIENTS, '<', $clients) or die "Could not open $clients file\n";
while(<CLIENTS>){
    chomp;
    s/^\s*//g;      # strip leading whitespace
    s/\s*#.*//g;    # strip comments
    if (!/^\s*$/ && /=/) {
        # key = value line inside a client block
        ($key,$val)=(split /\s*=\s*/,$_);
        $client_secret = $val if ($key eq 'secret');
        $client_short = $val if ($key eq 'shortname');
        $client_type = $val if ($key eq 'nastype');
        $client_login = $val if ($key eq 'login');
        $client_password = $val if ($key eq 'password');
    } else {
        if (/\{/) {
            # Start of a client block: forget the previous client's values.
            ($client_secret,$client_short,$client_type,$client_login,$client_password)=('','','','','');
            s/.*client\s+([^\s]*)\s+\{.*$/$1/;
            if (/^\d+\.\d+\.\d+\.\d+/) {
                $client = $_;
            } else {
                # Host name: qualify it with the default domain if needed, then resolve it.
                if (/\./ || /localhost/) {
                    $name = $_ ;
                } else {
                    $name = $_.".".$domain;
                }
                $addr = gethostbyname $name;
                ($a,$b,$c,$d)=unpack('C4',$addr);
                $client = "$a.$b.$c.$d";
                #DEBUG# print $name." = ".$client."\n";
            }
            # $client = $_;
        } else {
            if (/\}/) {
                # End of a client block: store the collected fields.
                @client_info = ($client_secret,$client_short,$client_type,$client_login,$client_password);
                $client_data = join(',',@client_info);
                $client_array{$client} .= $client_data;
            }
        }
    }
}
close CLIENTS;

# Display data from %client_array associative array.
foreach $nas (sort keys(%client_array)) {
    $data = $client_array{$nas};
    ($secret,$shortname,$type,$login,$password) = split(',',$data);
    printf("%s,%s,%s,%s,%s,%s\n",$nas,$secret,$shortname,$type,$login,$password);
}
Re: adding Client-Short-Name attribute
Here is a script I wrote in perl to process the clients.conf file and output a comma separated variable list. This can be used to import the clients.conf into a database if you are using one. Then the shortname doesn't need to take up an attribute, since it can be joined in.

I have also updated dialupadmin to use part of this script to convert the shortnames from the log files into an ip address based on the info in the clients file. I wrote this script before updating the dialupadmin files, so this script does not contain the hostname to ip address translation yet. I will be adding it to my script for myself; if others want it when I have updated it, let me know. It has been handy for me so far.

Joe Maimon wrote:

Hello all,

I am looking into adding the attribute client-short-name to be treated much as client-ip-address is in rlm_preprocess. However there seem to be two ways of going about obtaining the information.

1) Look up the client name based on the request->packet->src_ipaddr
2) Modify the request structure to store the client.

Any suggestions?

Thanks,
Joe

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787, 1-888-450-6787

There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on.
Re: adding Client-Short-Name attribute
Joe Maimon wrote:

Hello all,

I am looking into adding the attribute client-short-name to be treated much as client-ip-address is in rlm_preprocess. However there seem to be two ways of going about obtaining the information.

1) Look up the client name based on the request->packet->src_ipaddr
2) Modify the request structure to store the client.

Any suggestions?

Thanks,
Joe

OK this patch seems to do it. I took the path of least resistance.

Things done by the patch.

1) Move the code which adds client-ip-address to its own function, and updating calls to it.
2) Add attribute client-short-name
3) Add code to new function to add client-short-name to the request pairs if we can figure it out.
4) Update comments

Only in freeradius-0.9.3-jm/libltdl: stamp-h1 diff -ur freeradius-0.9.3/share/dictionary freeradius-0.9.3-jm/share/dictionary --- freeradius-0.9.3/share/dictionary Wed Aug 27 12:00:15 2003 +++ freeradius-0.9.3-jm/share/dictionarySun Nov 30 12:10:50 2003 @@ -229,6 +229,7 @@ ATTRIBUTE Rewrite-Rule1078string ATTRIBUTE Sql-Group 1079string ATTRIBUTE Response-Packet-Type1080integer +ATTRIBUTE Client-Short-Name 1081string # # Non-Protocol Attributes diff -ur freeradius-0.9.3/src/include/radius.h freeradius-0.9.3-jm/src/include/radius.h --- freeradius-0.9.3/src/include/radius.h Mon Apr 21 16:39:57 2003 +++ freeradius-0.9.3-jm/src/include/radius.hSun Nov 30 12:12:44 2003 @@ -182,6 +182,7 @@ #define PW_REWRITE_RULE1078 #define PW_SQL_GROUP 1079 #define PW_RESPONSE_PACKET_TYPE1080 +#define PW_CLIENT_SHORT_NAME 1081 /* * Integer Translations diff -ur freeradius-0.9.3/src/modules/rlm_preprocess/rlm_preprocess.c freeradius-0.9.3-jm/src/modules/rlm_preprocess/rlm_preprocess.c --- freeradius-0.9.3/src/modules/rlm_preprocess/rlm_preprocess.cMon Jul 7 15:17:31 2003 +++ freeradius-0.9.3-jm/src/modules/rlm_preprocess/rlm_preprocess.c Sun Nov 30 15:06:07 2003 
@@ -564,7 +564,12 @@ /* * If the NAS wasn't smart enought to add a NAS-IP-Address * to the request, then add it ourselves. + * + * Note also that this is a server configuration item, + * and will NOT make it to any packets being sent from + * the server. */ + static void add_nas_attr(REQUEST *request) { VALUE_PAIR *nas; 
@@ -581,28 +586,68 @@ pairadd(&request->packet->vps, nas); } +} + +/* + * Note also that these are server configuration items, + * and will NOT make it to any packets being sent from + * the server. + */ + + +static void add_client_attr(REQUEST *request) +{ + VALUE_PAIR *client_attr = NULL; + RADCLIENT *client = NULL; + + + /* * Add in a Client-IP-Address, to tell the user * the source IP of the request. That is, the client, * * Note that this MAY BE different from the NAS-IP-Address, * especially if the request is being proxied. +*/ + + client_attr = pairfind(request->packet->vps, PW_CLIENT_IP_ADDRESS); + if (!client_attr) { + client_attr = paircreate(PW_CLIENT_IP_ADDRESS, PW_TYPE_IPADDR); + if (!client_attr) { + radlog(L_ERR, "No memory"); + exit(1); + } + client_attr->lvalue = request->packet->src_ipaddr; + ip_hostname(client_attr->strvalue, sizeof(client_attr->strvalue), client_attr->lvalue); + pairadd(&request->packet->vps, client_attr); + } + + /* +* Add in a Client-Short-Name, so that we may match on short +* name of the client who made the request * -* Note also that this is a server configuration item, -* and will NOT make it to any packets being sent from -* the server. */ - nas = paircreate(PW_CLIENT_IP_ADDRESS, PW_TYPE_IPADDR); - if (!nas) { - radlog(L_ERR, "No memory"); - exit(1); + + client_attr = NULL; + client = client_find(request->packet->src_ipaddr); + if(!client) + return; + + client_attr = pairfind(request->packet->vps, PW_CLIENT_SHORT_NAME); + if (!client_attr) { + client_attr = paircreate(PW_CLIENT_SHORT_NAME, PW_TYPE_STRING); + if (!client_attr) { + radlog(L_ERR, "No memory"); + exit(1); + } + + strncpy(client_attr->strvalue,client->shortname,sizeof(client->shortname)-1); + client_attr->strvalue[sizeof(client->shortname)-1] = '\0'; + pairadd(&request->packet->vps, client_attr); } -
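
Review bot: In the "@@ -564,7 +564,12 @@" hunk of rlm_preprocess.c, the added note "this is a server configuration item, and will NOT make it to any packets being sent from the server" lands in the comment above add_nas_attr(), whose existing text is about NAS-IP-Address. The next hunk removes the same wording from the Client-IP-Address comment and restates it above add_client_attr(), so at this position it reads as a claim about NAS-IP-Address that nothing in the visible code supports. Suggest dropping the three added comment lines here, along with the blank line the hunk inserts between the comment and "static void add_nas_attr(REQUEST *request)".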
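
Review bot: In the "@@ -581,28 +586,68 @@" hunk, the shortname copy is bounded by the size of the source field rather than the destination: strncpy(client_attr->strvalue,client->shortname,sizeof(client->shortname)-1), then client_attr->strvalue[sizeof(client->shortname)-1] = '\0'. That is only correct while client->shortname is an array no larger than client_attr->strvalue. If shortname is or becomes a pointer, sizeof gives the pointer size and the name is silently truncated. If it is a larger array, the copy and the terminator write past strvalue. Bound both lines by sizeof(client_attr->strvalue) instead. Separately, Client-IP-Address used to be created unconditionally and is now skipped when pairfind() already returns one, so an existing value in request->packet->vps is kept instead of being set from src_ipaddr; the comment should say whether that change is intended.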