(RADIATOR) Password Extraction Probs
I'm still completely at a loss as to how to make the plaintext password
supplied in the radius packet available to the module I am hacking for LDAP
authentication. My perl isn't up to spotting how to get the routines elsewhere
in Radiator to work for me and supply this. Please could someone talk me
through it? (slowly and with no long words, for preference!)

I'm running Radiator-2.14 under FreeBSD 3.2-Release with Perl version
5.005_03 built for i386-freebsd.

The relevant part of my config for testing this function is:

<Realm>
    MaxSessions 2
    <AuthBy NEWLDAP>
        Host            x.mcc.ac.uk
        Port            389
        BaseDN          c=UK
        UsernameAttr    uid
        CheckAttr       checkitems
        ReplyAttr       replyitems
    </AuthBy>
    AcctLogFileName         %L/LDAP-detail.%m%y
    PasswordLogFileName     %L/LDAP-passwd-log.%m%y
    ExcludeFromPasswordLog  yyy
    RejectHasReason
</Realm>

The relevant portion of my optimistically-named NEWLDAP module is:

    sub findUser
    {
        my ($self, $name, $p) = @_;

        return (undef, 1) unless $self->reconnect;
        return (undef, 1) unless $self->anonbind;

        my $user;
        my @attrs;
        push(@attrs, $self->{CheckAttr}) if defined $self->{CheckAttr};
        push(@attrs, $self->{ReplyAttr}) if defined $self->{ReplyAttr};

        my $result = $self->{ld}->search
            (base   => $self->{BaseDN},
             scope  => 'sub',
             filter => "($self->{UsernameAttr}=$name)",
             attrs  => \@attrs);
        if (!$result || $result->code() != LDAP_SUCCESS)
        {
            my $code = $result ? $result->code() : -1;
            my $errname = ldap_error_name($code);
            $self->log($main::LOG_ERR, "ldap search failed with error $errname");
            $self->{ld} = undef;
            return (undef, 1);
        }

        my $entry = $result->entry(0);
        if ($entry)
        {
            $user = new Radius::User;
            my $dn = $entry->dn;
            $self->log($main::LOG_DEBUG, "LDAP got result for $dn");

            my ($attr);
            foreach $attr ($entry->attributes())
            {
                my @vals = $entry->get($attr);
                $self->log($main::LOG_DEBUG, "LDAP got $attr: @vals");
                $attr = lc $attr;
                if ($attr eq lc $self->{CheckAttr})
                {
                    $user->get_check->parse(join ',', @vals);
                }
                elsif ($attr eq lc $self->{ReplyAttr})
                {
                    $user->get_reply->parse(join ',', @vals);
                }
            }
        }
        else
        {
            $self->log($main::LOG_DEBUG, "No entries for $name found in LDAP database");
            $self->unbind;
            return 0;
        }
        $self->unbind;

        # Now we connect and do the login as the user.
        return (undef, 1) unless $self->reconnect;

        # THIS NEEDS TO BE FIXED
        # As you can see, for testing, I've hard-coded a password, because
        # trying to extract it directly doesn't seem to work... yet!
        my $password = "monday";
        # The commented out line below doesn't work!
        # my $password = $self->decode_password($self->{Client}->{Secret});

        my $result = $self->{ld}->bind
            (dn       => $entry->dn,
             password => $password);
        if (!$result || $result->code() != LDAP_SUCCESS)
        {
            $self->log($main::LOG_DEBUG, "USER FAILED TO AUTHENTICATE");
            my $code = $result ? $result->code() : -1;
            my $error = ldap_error_name($code);
            $self->log($main::LOG_DEBUG, "Error Code: $code\nError Name: $error");
            $self->unbind;
            return 0;
        }
        $self->log($main::LOG_DEBUG, "USER AUTHENTICATED!");
        return $user;
    }

    1;

Advice, please? I want to purchase Radiator (it's currently on evaluation),
but can't unless what I'm trying to do is at least possible...

Thanks,

M.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mark O'Leary,            | Voice: +44 (0161) 2756110 | Mark O'Leary,
Network Support Officer, | Fax:   +44 (0161) 2756040 | Deputy Warden,
Manchester Computing, UK | Email: [EMAIL PROTECTED]  | Moberly Hall, UoM.
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Password Extraction Probs
Hi Mark,

almost right. The line you commented out:

    my $password = $self->decode_password($self->{Client}->{Secret});

should be changed to be

    my $password = $p->decode_password($p->{Client}->{Secret});

and that will work for PAP passwords. ($p is the handle to the incoming
request.)

Hope that helps.

Cheers.

On Aug 25, 11:23am, Mark O'Leary wrote:
> Subject: (RADIATOR) Password Extraction Probs
>
> I'm still completely at a loss as to how to make the plaintext password
> supplied in the radius packet available to the module I am hacking for LDAP
> authentication. My perl isn't up to spotting how to get the routines elsewhere
> in Radiator to work for me and supply this. Please could someone talk me
> through it? (slowly and with no long words, for preference!)
>
> I'm running Radiator-2.14 under FreeBSD 3.2-Release with Perl version
> 5.005_03 built for i386-freebsd.
>
> The relevant part of my config for testing this function is:
>
> <Realm>
>     MaxSessions 2
>     <AuthBy NEWLDAP>
>         Host            x.mcc.ac.uk
>         Port            389
>         BaseDN          c=UK
>         UsernameAttr    uid
>         CheckAttr       checkitems
>         ReplyAttr       replyitems
>     </AuthBy>
>     AcctLogFileName         %L/LDAP-detail.%m%y
>     PasswordLogFileName     %L/LDAP-passwd-log.%m%y
>     ExcludeFromPasswordLog  yyy
>     RejectHasReason
> </Realm>
>
> The relevant portion of my optimistically-named NEWLDAP module is:
>
>     sub findUser
>     {
>         my ($self, $name, $p) = @_;
>
>         return (undef, 1) unless $self->reconnect;
>         return (undef, 1) unless $self->anonbind;
>
>         my $user;
>         my @attrs;
>         push(@attrs, $self->{CheckAttr}) if defined $self->{CheckAttr};
>         push(@attrs, $self->{ReplyAttr}) if defined $self->{ReplyAttr};
>
>         my $result = $self->{ld}->search
>             (base   => $self->{BaseDN},
>              scope  => 'sub',
>              filter => "($self->{UsernameAttr}=$name)",
>              attrs  => \@attrs);
>         if (!$result || $result->code() != LDAP_SUCCESS)
>         {
>             my $code = $result ? $result->code() : -1;
>             my $errname = ldap_error_name($code);
>             $self->log($main::LOG_ERR, "ldap search failed with error $errname");
>             $self->{ld} = undef;
>             return (undef, 1);
>         }
>
>         my $entry = $result->entry(0);
>         if ($entry)
>         {
>             $user = new Radius::User;
>             my $dn = $entry->dn;
>             $self->log($main::LOG_DEBUG, "LDAP got result for $dn");
>
>             my ($attr);
>             foreach $attr ($entry->attributes())
>             {
>                 my @vals = $entry->get($attr);
>                 $self->log($main::LOG_DEBUG, "LDAP got $attr: @vals");
>                 $attr = lc $attr;
>                 if ($attr eq lc $self->{CheckAttr})
>                 {
>                     $user->get_check->parse(join ',', @vals);
>                 }
>                 elsif ($attr eq lc $self->{ReplyAttr})
>                 {
>                     $user->get_reply->parse(join ',', @vals);
>                 }
>             }
>         }
>         else
>         {
>             $self->log($main::LOG_DEBUG, "No entries for $name found in LDAP database");
>             $self->unbind;
>             return 0;
>         }
>         $self->unbind;
>
>         # Now we connect and do the login as the user.
>         return (undef, 1) unless $self->reconnect;
>
>         # THIS NEEDS TO BE FIXED
>         # As you can see, for testing, I've hard-coded a password, because
>         # trying to extract it directly doesn't seem to work... yet!
>         my $password = "monday";
>         # The commented out line below doesn't work!
>         # my $password = $self->decode_password($self->{Client}->{Secret});
>
>         my $result = $self->{ld}->bind
>             (dn       => $entry->dn,
>              password => $password);
>         if (!$result || $result->code() != LDAP_SUCCESS)
>         {
>             $self->log($main::LOG_DEBUG, "USER FAILED TO AUTHENTICATE");
>             my $code = $result ? $result->code() : -1;
>             my $error = ldap_error_name($code);
>             $self->log($main::LOG_DEBUG, "Error Code: $code\nError Name: $error");
>             $self->unbind;
>             return 0;
>         }
>         $self->log($main::LOG_DEBUG, "USER AUTHENTICATED!");
>         return $user;
>     }
>
>     1;
>
> Advice, please? I want to purchase Radiator (it's currently on evaluation),
> but can't unless what I'm trying to do is at least possible...
>
> Thanks,
>
> M.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Mark O'Leary,            | Voice: +44 (0161) 2756110 | Mark O'Leary,
> Network Support Officer, | Fax: +44
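
The reply passes the client's shared secret to decode_password because a PAP User-Password attribute is hidden with that secret and the request's authenticator. As an added example (not Radiator's code and not written by either poster), here is the RFC 2865 section 5.2 hiding and its inverse in Perl; the function names and all sample values are constructed.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# NAS side (RFC 2865 section 5.2): pad to a multiple of 16 octets, then XOR
# each block with MD5(secret . previous ciphertext block). The first block
# is keyed with the 16-octet Request Authenticator.
sub hide_password {
    my ($plain, $secret, $authenticator) = @_;
    $plain .= "\0" x ((16 - length($plain) % 16) % 16);
    $plain = "\0" x 16 if $plain eq '';
    my ($out, $prev) = ('', $authenticator);
    for (my $i = 0; $i < length $plain; $i += 16) {
        $prev = substr($plain, $i, 16) ^ md5($secret . $prev);
        $out .= $prev;
    }
    return $out;
}

# Server side: rebuild the same keystream, chaining on the received
# ciphertext blocks, then strip the NUL padding.
sub recover_password {
    my ($hidden, $secret, $authenticator) = @_;
    my $len = length $hidden;
    return undef if $len == 0 || $len % 16 || $len > 128;
    my ($out, $prev) = ('', $authenticator);
    for (my $i = 0; $i < $len; $i += 16) {
        my $block = substr($hidden, $i, 16);
        $out .= $block ^ md5($secret . $prev);
        $prev = $block;
    }
    $out =~ s/\0+\z//;
    return $out;
}

# Constructed sample values (a 20-octet password spans two blocks).
my $secret = 'constructed-shared-secret';
my $auth   = pack('H*', '000102030405060708090a0b0c0d0e0f');
my $plain  = 'a 20-octet pass word';
my $hidden = hide_password($plain, $secret, $auth);

printf "hidden (%d octets): %s\n", length $hidden, unpack('H*', $hidden);
printf "with the right secret: %s\n", recover_password($hidden, $secret, $auth);
printf "wrong secret recovers it: %s\n",
    recover_password($hidden, 'other-secret', $auth) eq $plain ? 'yes' : 'no';
```

A CHAP request carries only a hash response rather than a hidden password, so there is nothing equivalent to recover from it, which is why the reply limits the fix to PAP.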