From: ivan Date: Thu, 6 Jul 2000 08:57:28 +0000 (+0000) Subject: support for radius check attributes (except importing). poorly documented. X-Git-Tag: freeside_1_3_0~95 X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=61fc4e61c6644d2e0abdffe8cbdfafd4b092e84b support for radius check attributes (except importing). poorly documented. --- diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm index a59d86331..558e3838b 100644 --- a/FS/FS/svc_acct.pm +++ b/FS/FS/svc_acct.pm @@ -4,6 +4,7 @@ use strict; use vars qw( @ISA $nossh_hack $conf $dir_prefix @shells $usernamemin $usernamemax $passwordmin $shellmachine @saltset @pw_set); +use Carp; use FS::Conf; use FS::Record qw( qsearchs fields ); use FS::svc_Common; @@ -449,8 +450,19 @@ sub check { =item radius +Depriciated, use radius_reply instead. + +=cut + +sub radius { + carp "FS::svc_acct::radius depriciated, use radius_reply"; + $_[0]->radius_reply; +} + +=item radius_reply + Returns key/value pairs, suitable for assigning to a hash, for any RADIUS -attributes of this record. +reply attributes of this record. Note that this is now the preferred method for reading RADIUS attributes - accessing the columns directly is discouraged, as the column names are @@ -458,7 +470,7 @@ expected to change in the future. =cut -sub radius { +sub radius_reply { my $self = shift; map { /^(radius_(.*))$/; @@ -468,11 +480,29 @@ sub radius { } grep { /^radius_/ && $self->getfield($_) } fields( $self->table ); } +=item radius_check + +Returns key/value pairs, suitable for assigning to a hash, for any RADIUS +check attributes of this record. + +Accessing RADIUS attributes directly is not supported and will break in the +future. + =back +sub radius_check { + my $self = shift; + map { + /^(rc_(.*))$/; + my($column, $attrib) = ($1, $2); + $attrib =~ s/_/\-/g; + ( $attrib, $self->getfield($column) ); + } grep { /^rc_/ && $self->getfield($_) } fields( $self->table ); +} + =head1 VERSION -$Id: svc_acct.pm,v 1.8 2000-07-04 13:42:37 ivan Exp $ +$Id: svc_acct.pm,v 1.9 2000-07-06 08:57:27 ivan Exp $ =head1 BUGS diff --git a/TODO b/TODO index 0d16f157a..99c0b2690 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,4 @@ -$Id: TODO,v 1.47 2000-07-03 09:03:14 ivan Exp $ +$Id: TODO,v 1.48 2000-07-06 08:57:27 ivan Exp $ If you are interested in helping with any of these, please join the mailing list (send a blank message to ivan-freeside-subscribe@sisd.com) to avoid @@ -6,6 +6,10 @@ duplication of effort. --- +hmm - if you delete an account in svc_acct somehow that a mail alias points to, +svc_acct_sm.export will fail. make sure this can't be done using +the web interface. + Bug: during the linking process apparantly you can link too many services to a package. *sigh* diff --git a/bin/fs-radius-add b/bin/fs-radius-add deleted file mode 100755 index 707926677..000000000 --- a/bin/fs-radius-add +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/perl -Tw - -# quick'n'dirty hack of fs-setup to add radius attributes - -use strict; -use DBI; -use FS::UID qw(adminsuidsetup checkeuid getsecrets); -die "Not running uid freeside!" unless checkeuid(); - -my $user = shift or die &usage; -getsecrets($user); - -my $dbh = adminsuidsetup $user; - -### - -print "\n\n", <); - chop $x; - $x; -} - -### - -my($char_d) = 80; #default maxlength for text fields - -### - -foreach my $attribute ( @attributes ) { - foreach my $statement ( - "ALTER TABLE svc_acct ADD radius_$attribute varchar($char_d) NULL", - "ALTER TABLE svc_acct ADD radius_$attribute varchar($char_d) NULL", - "ALTER TABLE part_svc ADD svc_acct__radius_$attribute varchar($char_d) NULL;", - "ALTER TABLE part_svc ADD svc_acct__radius_${attribute}_flag char(1) NULL;", - ) { - $dbh->do( $statement ) or warn "Error executing $statement: ". $dbh->errstr; } -} - -$dbh->disconnect or die $dbh->errstr; - -print "\n\n", "Now you must run dbdef-create.\n\n"; - -sub usage { - die "Usage:\n fs-radius-add user\n"; -} - - diff --git a/bin/fs-radius-add-check b/bin/fs-radius-add-check new file mode 100755 index 000000000..435f3e88a --- /dev/null +++ b/bin/fs-radius-add-check @@ -0,0 +1,53 @@ +#!/usr/bin/perl -Tw + +# quick'n'dirty hack of fs-setup to add radius attributes + +use strict; +use DBI; +use FS::UID qw(adminsuidsetup checkeuid getsecrets); +die "Not running uid freeside!" unless checkeuid(); + +my $user = shift or die &usage; +getsecrets($user); + +my $dbh = adminsuidsetup $user; + +### + +print "\n\n", <); + chop $x; + $x; +} + +### + +my($char_d) = 80; #default maxlength for text fields + +### + +foreach my $attribute ( @attributes ) { + foreach my $statement ( + "ALTER TABLE svc_acct ADD rc_$attribute varchar($char_d) NULL", + "ALTER TABLE svc_acct ADD rc_$attribute varchar($char_d) NULL", + "ALTER TABLE part_svc ADD svc_acct__rc_$attribute varchar($char_d) NULL;", + "ALTER TABLE part_svc ADD svc_acct__rc_${attribute}_flag char(1) NULL;", + ) { + $dbh->do( $statement ) or warn "Error executing $statement: ". $dbh->errstr; } +} + +$dbh->disconnect or die $dbh->errstr; + +print "\n\n", "Now you must run dbdef-create.\n\n"; + +sub usage { + die "Usage:\n fs-radius-add user\n"; +} + + diff --git a/bin/fs-radius-add-reply b/bin/fs-radius-add-reply new file mode 100755 index 000000000..23a8d78a3 --- /dev/null +++ b/bin/fs-radius-add-reply @@ -0,0 +1,53 @@ +#!/usr/bin/perl -Tw + +# quick'n'dirty hack of fs-setup to add radius attributes + +use strict; +use DBI; +use FS::UID qw(adminsuidsetup checkeuid getsecrets); +die "Not running uid freeside!" unless checkeuid(); + +my $user = shift or die &usage; +getsecrets($user); + +my $dbh = adminsuidsetup $user; + +### + +print "\n\n", <); + chop $x; + $x; +} + +### + +my($char_d) = 80; #default maxlength for text fields + +### + +foreach my $attribute ( @attributes ) { + foreach my $statement ( + "ALTER TABLE svc_acct ADD radius_$attribute varchar($char_d) NULL", + "ALTER TABLE svc_acct ADD radius_$attribute varchar($char_d) NULL", + "ALTER TABLE part_svc ADD svc_acct__radius_$attribute varchar($char_d) NULL;", + "ALTER TABLE part_svc ADD svc_acct__radius_${attribute}_flag char(1) NULL;", + ) { + $dbh->do( $statement ) or warn "Error executing $statement: ". $dbh->errstr; } +} + +$dbh->disconnect or die $dbh->errstr; + +print "\n\n", "Now you must run dbdef-create.\n\n"; + +sub usage { + die "Usage:\n fs-radius-add user\n"; +} + + diff --git a/bin/fs-setup b/bin/fs-setup index 002a4ed4c..ac8ff5eb7 100755 --- a/bin/fs-setup +++ b/bin/fs-setup @@ -1,6 +1,6 @@ #!/usr/bin/perl -Tw # -# $Id: fs-setup,v 1.25 2000-06-29 12:00:49 ivan Exp $ +# $Id: fs-setup,v 1.26 2000-07-06 08:57:27 ivan Exp $ # # ivan@sisd.com 97-nov-8,9 # @@ -32,7 +32,10 @@ # fix radius attributes ivan@sisd.com 98-sep-27 # # $Log: fs-setup,v $ -# Revision 1.25 2000-06-29 12:00:49 ivan +# Revision 1.26 2000-07-06 08:57:27 ivan +# support for radius check attributes (except importing). poorly documented. +# +# Revision 1.25 2000/06/29 12:00:49 ivan # support for pre-encrypted md5 passwords. # # Revision 1.24 2000/03/02 07:44:07 ivan @@ -127,9 +130,16 @@ print "\nEnter the maximum username length: "; my($username_len)=&getvalue; print "\n\n", <addcolumn( new FS::dbdef_column ( + 'rc_'. $attribute, + 'varchar', + 'NULL', + $char_d, + )); +} + #make part_svc table (but now as object) my($part_svc)=$dbdef->table('part_svc'); diff --git a/bin/svc_acct.export b/bin/svc_acct.export index 53fd1f0c7..57be2ddb7 100755 --- a/bin/svc_acct.export +++ b/bin/svc_acct.export @@ -1,6 +1,6 @@ #!/usr/bin/perl -w # -# $Id: svc_acct.export,v 1.14 2000-06-29 15:01:25 ivan Exp $ +# $Id: svc_acct.export,v 1.15 2000-07-06 08:57:28 ivan Exp $ # # Create and export password files: passwd, passwd.adjunct, shadow, # acp_passwd, acp_userinfo, acp_dialup, users @@ -38,7 +38,10 @@ # ivan@sisd.com 98-sep-18 # # $Log: svc_acct.export,v $ -# Revision 1.14 2000-06-29 15:01:25 ivan +# Revision 1.15 2000-07-06 08:57:28 ivan +# support for radius check attributes (except importing). poorly documented. +# +# Revision 1.14 2000/06/29 15:01:25 ivan # another silly typo in svc_acct.export # # Revision 1.13 2000/06/28 12:37:28 ivan @@ -240,16 +243,24 @@ foreach $svc_acct (@svc_acct) { print ACP_DIALUP $svc_acct->username, "\t*\t", $svc_acct->slipip, "\n"; } - my %radius = $svc_acct->radius; + my %radreply = $svc_acct->radius_reply; + my %radcheck = $svc_acct->radius_check; + + my $radcheck = join ", ", map { qq($_ = "$radcheck{$_}") } keys %radcheck; + $radcheck .= ", " if $radcheck; ### # FORMAT OF THE USERS FILE HERE print USERS - $svc_acct->username, qq(\t${textradiusprepend}Password = "$rpassword"\n\t), - join ",\n\t", map { qq($_ = "$radius{$_}") } keys %radius; + $svc_acct->username, + qq(\t${textradiusprepend}), + $radcheck, + qq(Password = "$rpassword"\n\t), + join ",\n\t", map { qq($_ = "$radreply{$_}") } keys %radreply; if ( $ip && $ip ne '0e0' ) { - print USERS qq(,\n\tFramed-Address = "$ip"\n\n); + #print USERS qq(,\n\tFramed-Address = "$ip"\n\n); + print USERS qq(,\n\tFramed-IP-Address = "$ip"\n\n); } else { print USERS qq(\n\n); } @@ -257,6 +268,7 @@ foreach $svc_acct (@svc_acct) { ### # ICRADIUS export if ( $icradiusmachines ) { + my $sth = $icradius_dbh->prepare( "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ". join(", ", map { $icradius_dbh->quote( $_ ) } ( @@ -268,14 +280,27 @@ foreach $svc_acct (@svc_acct) { ); $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr; - foreach my $attribute ( keys %radius ) { + foreach my $attribute ( keys %radcheck ) { + my $sth = $icradius_dbh->prepare( + "INSERT INTO radcheck ( id, UserName, Attribute, Value ) VALUES ( ". + join(", ", map { $icradius_dbh->quote( $_ ) } ( + '', + $svc_acct->username, + $attribute + $radcheck{$attribute}, + ) ). " )" + ); + $sth->execute or die "Can't insert into radcheck table: ". $sth->errstr; + } + + foreach my $attribute ( keys %radreply ) { my $sth = $icradius_dbh->prepare( "INSERT INTO radreply (id, UserName, Attribute, Value) VALUES ( ". join(", ", map { $icradius_dbh->quote( $_ ) } ( '', $svc_acct->username, $attribute, - $radius{$attribute}, + $radreply{$attribute}, ) ). " )" ); $sth->execute or die "Can't insert into radreply table: ". $sth->errstr; diff --git a/htdocs/docs/export.html b/htdocs/docs/export.html index 82da86c17..d8bc6946f 100644 --- a/htdocs/docs/export.html +++ b/htdocs/docs/export.html @@ -12,7 +12,7 @@ it is reccommended that you replicate the data to an external RADIUS machine rat
  • nismachines - passwd and shadow are copied to the /etc/global directory on the remote machine. If no errors occur, the command ( cd /var/yp; make; ) is executed on the remote machine.
  • erpcdmachines - acp_passwd and acp_dialup are copied to the /usr/annex directory on the remote machine. If no errors occur, the command ( kill -USR1 `cat /usr/annex/erpcd.pid` ) is executed on the remote machine.
  • radiusmachines - users is copied to the /etc/raddb directory on the remote machine. If no errors occur, the command ( builddbm ) is executed on the remote machine. -
  • icradiusmachines - A local radcheck file will be created. If any machines are specified, the remote MySQL database will be locked and the radcheck table will be copied to the those machines. You may also need to set the icradius_mysqlsource and/or icradius_mysqldest configuration files. +
  • icradiusmachines - Local radcheck and radreply tables will be created. If any machines are specified, the remote MySQL database will be locked and the radcheck table will be copied to the those machines. You may also need to set the icradius_mysqlsource and/or icradius_mysqldest configuration files. Currently you need to be running MySQL for your Freeside database to use this feature.
  • site_perl/svc_acct.pm - If a shellmachine is defined, users can be created, modified and deleted remotely; see below.