RADIUS server using APM to authenticate users
Problem this snippet solves: this code convert APM policy to a RADIUS server.
Code description
When a Radius request is accepted by the VS:
the radius client IP address is checked against a...
Updated Jun 06, 2023
Version 2.0
Stanislas_Piro2
Cumulonimbus
Cumulonimbus
Stanislas_Piro2Cumulonimbus
CumulonimbusI guess this is better:
for {set record_offset 20} {$record_offset < $QLEN } {incr record_offset $QAVP_LEN} {
binary scan $PAYLOAD @${record_offset}cc QAVP_TYPE QAVP_LEN
set QAVP_LEN [expr {$QAVP_LEN & 0xFF}]
If an Attribute is received in an Access-Accept, Access-Reject or Access-Challenge packet with an invalid length,
the packet MUST either be treated as an Access-Reject or else silently discarded.
if {($QAVP_LEN < 3) || ($record_offset+$QAVP_LEN > $QLEN) } {UDP::drop; return}
binary scan $PAYLOAD @${record_offset}x2a[expr {$QAVP_LEN -2}] QUERY_ATTR($QAVP_TYPE)
if {$QAVP_TYPE == 80} {
binary scan [string replace $PAYLOAD $record_offset [expr {$record_offset + 18}] [binary format ccH32 80 18 [string repeat 0 32]]] a* UNSIGNED_REQUEST
}
}
}