|
RADIUS::Packet - Object-oriented Perl interface to RADIUS packets |
RADIUS::Packet - Object-oriented Perl interface to RADIUS packets
use RADIUS::Packet; use RADIUS::Dictionary;
my $d = new RADIUS::Dictionary "/etc/radius/dictionary";
my $p = new RADIUS::Packet $d, $data; $p->dump;
if ($p->attr('User-Name' eq "lwall") {
my $resp = new RADIUS::Packet $d;
$resp->set_code('Access-Accept');
$resp->set_identifier($p->identifier);
$resp->set_authenticator($p->authenticator);
$resp->set_attr('Reply-Message') = "Welcome, Larry!\r\n";
my $respdat = auth_resp($resp->pack, "mysecret");
...
RADIUS (RFC2138) specifies a binary packet format which contains various values and attributes. RADIUS::Packet provides an interface to turn RADIUS packets into Perl data structures and vice-versa.
RADIUS::Packet does not provide functions for obtaining RADIUS packets from the network. A simple network RADIUS server is provided as an example at the end of this document. Also, a RADIUS::Server module is under development which will simplify the interface.
Access-Request Access-Accept
Access-Reject Accounting-Request
Accounting-Response Access-Challenge
Status-Server Status-Client
STRING Returned as a string.
INTEGER Returned as a Perl integer.
IPADDR Returned as a string (a.b.c.d)
TIME Returned as an integer
This document is (not yet) intended to be a complete description of how to implement a RADIUS server. Please see the RFCs (at ftp://ftp.livingston.com/pub/radius/) for that. The following is a brief description of the procedure:
1. Recieve a RADIUS request from the network.
2. Unpack it using this package.
3. Examine the attributes to determine the appropriate response.
4. Construct a response packet using this package.
Copy the Identifier and Authenticator fields from the request,
set the Code as appropriate, and fill in whatever Attributes
you wish to convey in to the server.
5. Call the pack method and use the auth_resp function to
authenticate it with your shared secret.
6. Send the response back over the network.
7. Lather, rinse, repeat.
#!/usr/local/bin/perl -w
use RADIUS::Dictionary;
use RADIUS::Packet;
use Net::Inet;
use Net::UDP;
use Fcntl;
use strict;
# This is a VERY simple RADIUS authentication server which responds
# to Access-Request packets with Access-Accept. This allows anyone
# to log in.
my $secret = "mysecret"; # Shared secret on the term server
# Parse the RADIUS dictionary file (must have dictionary in current dir)
my $dict = new RADIUS::Dictionary "dictionary"
or die "Couldn't read dictionary: $!";
# Set up the network socket (must have radius in /etc/services)
my $s = new Net::UDP { thisservice => "radius" } or die $!;
$s->bind or die "Couldn't bind: $!";
$s->fcntl(F_SETFL, $s->fcntl(F_GETFL,0) | O_NONBLOCK)
or die "Couldn't make socket non-blocking: $!";
# Loop forever, recieving packets and replying to them
while (1) {
my ($rec, $whence);
# Wait for a packet
my $nfound = $s->select(1, 0, 1, undef);
if ($nfound > 0) {
# Get the data
$rec = $s->recv(undef, undef, $whence);
# Unpack it
my $p = new RADIUS::Packet $dict, $rec;
if ($p->code eq 'Access-Request') {
# Print some details about the incoming request (try ->dump here)
print $p->attr('User-Name'), " logging in with password ",
$p->password($secret), "\n";
# Create a response packet
my $rp = new RADIUS::Packet $dict;
$rp->set_code('Access-Accept');
$rp->set_identifier($p->identifier);
$rp->set_authenticator($p->authenticator);
# (No attributes are needed.. but you could set IP addr, etc. here)
# Authenticate with the secret and send to the server.
$s->sendto(auth_resp($rp->pack, $secret), $whence);
}
else {
# It's not an Access-Request
print "Unexpected packet type recieved.";
$p->dump;
}
}
}
Christopher Masto, chris@netmonger.net
RADIUS::Dictionary
|
RADIUS::Packet - Object-oriented Perl interface to RADIUS packets |