Add sample checkrad script for RahuNAS
authorNeutron Soutmun <neo.neutron@gmail.com>
Thu, 29 Sep 2011 07:01:50 +0000 (14:01 +0700)
committerNeutron Soutmun <neo.neutron@gmail.com>
Thu, 29 Sep 2011 07:01:50 +0000 (14:01 +0700)
  * netsnmp-module/Makefile.am, scripts/rh-checkrad:
    - Add sample checkrad script for RahuNAS.

netsnmp-module/Makefile.am
netsnmp-module/scripts/rh-checkrad [new file with mode: 0755]

index b621626..772603a 100644 (file)
@@ -2,7 +2,7 @@ MAINTAINERCLEANFILES = Makefile.in
 
 if ENABLE_NETSNMP_MODULE
 
-EXTRA_DIST = mibs/RAHUNAS-MIB
+EXTRA_DIST = mibs/RAHUNAS-MIB scripts/rh-checkrad
 
 # Library versioning
 # # Library code modified:                    REVISION++
diff --git a/netsnmp-module/scripts/rh-checkrad b/netsnmp-module/scripts/rh-checkrad
new file mode 100755 (executable)
index 0000000..53a08b6
--- /dev/null
@@ -0,0 +1,56 @@
+#!/bin/sh
+# rh-checkrad  See if a user is (still) logged in on RahuNAS.
+#
+#              This is used by the FreeRADIUS server to check
+#              if its idea of a user logged in on RahuNAS
+#              is correct if a double login is detected.
+#
+# Called as:   nas_type nas_ip nas_port login session_id
+#
+# Returns:     0 = no duplicate, 1 = duplicate, >1 = error.
+#
+# Author: Neutron Soutmun <neutron@rahunas.org>
+# Date:   2011-09-29
+
+LOGDIR="/var/log/freeradius";
+LOGFILE="${LOGDIR}/rh-checkrad.log";
+
+SNMPGET=/usr/bin/snmpget
+SNMP_VERSION="2c"
+SNMP_COMMUNITY="public"
+
+# See RAHUNAS-MIB draft: RAHUNAS-MIB::rahunasAuthenLoginUsername
+RH_LOGINUSERNAME_MIB=".1.3.6.1.4.1.38668.1.1.1.2"
+
+# Parsing arguments
+NASTYPE=$1
+NASIP=$2
+NASPORT=$3
+LOGIN=$4
+SESSIONID=$5
+
+if [ $# -lt 5 -o "x$1" = "x--help" ]; then
+  echo "Usage: $0 nas_type nas_ip nas_port login session_id"
+  exit 2
+fi
+
+# Support only "rahunas" type
+if [ "x$NASTYPE" != "xrahunas" ]; then
+  exit 0;
+fi
+
+
+# Process
+RET=0
+LOGMSG="Query for ${LOGIN} (${SESSIONID}) on ${NASIP}: "
+USER=`$SNMPGET -v${SNMP_VERSION} -c${SNMP_COMMUNITY} ${NASIP} -Oqv ${RH_LOGINUSERNAME_MIB}.\"${SESSIONID}\" | sed -e 's/"//g'`
+
+if [ "x$LOGIN" = "x${USER}" ]; then
+  LOGMSG="${LOGMSG} Active"
+  RET=1;
+else
+  LOGMSG="${LOGMSG} Inactive"
+fi
+
+echo ${LOGMSG} >> $LOGFILE
+exit ${RET};
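Review bot: A failed SNMP query is logged as "Inactive" and returns 0, so the double-login check fails open: on the `USER=` line snmpget's exit status is hidden behind the pipe to `sed`, and a timeout or unreachable NAS simply leaves `USER` without a matching name. The header documents `>1 = error`, and 0 tells the caller there is no duplicate, so an unreachable NAS should not be treated the same as a closed session. The same line expands `${NASIP}` and `${SESSIONID}` unquoted, so values taken from the request are word-split and globbed before they reach snmpget, and the variable name `USER` shadows the standard environment variable. The sketch below captures the status and quotes the arguments; the reply still arrives over SNMPv2c with the `public` community, so it is unauthenticated and only as trustworthy as the network path to the NAS.

```shell
# … unchanged: header, configuration, argument parsing, nas_type check …
LOGMSG="Query for ${LOGIN} (${SESSIONID}) on ${NASIP}: "

# Run snmpget on its own so its exit status is visible; a pipeline would
# report sed's status instead.
if ! SNMP_OUT=$("$SNMPGET" -v"${SNMP_VERSION}" -c"${SNMP_COMMUNITY}" \
    "${NASIP}" -Oqv "${RH_LOGINUSERNAME_MIB}.\"${SESSIONID}\""); then
  printf '%s\n' "${LOGMSG} SNMP query failed" >> "$LOGFILE"
  exit 2
fi
SESSION_USER=$(printf '%s\n' "$SNMP_OUT" | sed -e 's/"//g')

# … unchanged: comparison and logging, reading SESSION_USER instead of USER …
```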