This appendix contains sample scripts you can use as a basis for your own scripts. They are in two formats: C and Tcl. For additional scripts, see the Cisco Access Registrar scripts directory, /opt/AICar1/scripts.
You can use the following four C scripts to parse the realm out of the username and set the appropriate environment variables. Each script covers a different requirement:
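/*
 * SCRIPT: ParseAAARealm --- This script is referenced from the NAS
 * IncomingScript scripting point. It looks for a realm name on the user
 * name attribute as a hint of which AAA service should be used for this
 * request. If @<realm> is found, the AAA service is selected which
 * has the same name as the realm.
 *
 * Returns REX_OK when no realm is present (including when no User-Name
 * can be found at all) or after the environment has been updated, and
 * REX_ERROR when rewriteUserName() fails.
 *
 * iScriptingPoint and pResponse are not used by this script.
 *
 * Security note: the realm comes from the client-supplied User-Name and
 * is used verbatim as the service name, so the requester chooses which
 * service is named. Compare it against a list of permitted realms first
 * if some configured services must not be selectable this way.
 */
int REXAPI ParseAAARealm(
    int iScriptingPoint,
    rex_AttributeDictionary_t* pRequest,
    rex_AttributeDictionary_t* pResponse,
    rex_EnvironmentDictionary_t* pEnviron )
{
    const char* pszRealm;
    const char* pszUserName = pEnviron->get( pEnviron, "User-Name" );

    /* Fall back to the request attribute when the environment has no name. */
    if( pszUserName == 0 || *pszUserName == '\0' )
    {
        pszUserName = pRequest->get( pRequest, "User-Name", 0, 0 );
    }

    /*
     * The request lookup is assumed to return 0 when the attribute is
     * missing, like the environment lookup above. strchr() on a null
     * pointer is undefined, so treat a missing name as "no realm".
     */
    if( pszUserName == 0 )
    {
        return REX_OK;
    }

    /* Split at the first '@'; a trailing '@' with nothing after it is ignored. */
    pszRealm = strchr( pszUserName, '@' );
    if( pszRealm != 0 && *(pszRealm + 1) != '\0' )
    {
        /*
         * NOTE(review): pszRealm points into the string fetched before
         * rewriteUserName() runs; confirm that call leaves it valid.
         */
        pszUserName = rewriteUserName( pRequest, pszUserName,
                                       pszRealm - pszUserName );
        if( pszUserName == 0 )
        {
            return REX_ERROR;
        }

        pEnviron->put( pEnviron, "User-Name", pszUserName );
        pEnviron->put( pEnviron, "Authentication-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Authorization-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Accounting-Service", pszRealm + 1 );
    }

    return REX_OK;
}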
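/*
 * SCRIPT: ParseAARealm --- This script is referenced from the NAS
 * IncomingScript scripting point. It looks for a realm name on the user
 * name attribute as a hint of which Authentication+Authorization service
 * should be used for this request. If @<realm> is found, the AA service
 * is selected which has the same name as the realm. The Accounting
 * service will be the DefaultAccountingService (as specified in the
 * configuration by the administrator).
 *
 * Returns REX_OK when no realm is present (including when no User-Name
 * can be found at all) or after the environment has been updated, and
 * REX_ERROR when rewriteUserName() fails.
 *
 * iScriptingPoint and pResponse are not used by this script.
 *
 * Security note: the realm comes from the client-supplied User-Name and
 * is used verbatim as the service name, so the requester chooses which
 * service is named. Compare it against a list of permitted realms first
 * if some configured services must not be selectable this way.
 */
int REXAPI ParseAARealm(
    int iScriptingPoint,
    rex_AttributeDictionary_t* pRequest,
    rex_AttributeDictionary_t* pResponse,
    rex_EnvironmentDictionary_t* pEnviron )
{
    const char* pszRealm;
    const char* pszUserName = pEnviron->get( pEnviron, "User-Name" );

    /* Fall back to the request attribute when the environment has no name. */
    if( pszUserName == 0 || *pszUserName == '\0' )
    {
        pszUserName = pRequest->get( pRequest, "User-Name", 0, 0 );
    }

    /*
     * The request lookup is assumed to return 0 when the attribute is
     * missing, like the environment lookup above. strchr() on a null
     * pointer is undefined, so treat a missing name as "no realm".
     */
    if( pszUserName == 0 )
    {
        return REX_OK;
    }

    /* Split at the first '@'; a trailing '@' with nothing after it is ignored. */
    pszRealm = strchr( pszUserName, '@' );
    if( pszRealm != 0 && *(pszRealm + 1) != '\0' )
    {
        /*
         * NOTE(review): pszRealm points into the string fetched before
         * rewriteUserName() runs; confirm that call leaves it valid.
         */
        pszUserName = rewriteUserName( pRequest, pszUserName,
                                       pszRealm - pszUserName );
        if( pszUserName == 0 )
        {
            return REX_ERROR;
        }

        /* Accounting-Service is deliberately left untouched here. */
        pEnviron->put( pEnviron, "User-Name", pszUserName );
        pEnviron->put( pEnviron, "Authentication-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Authorization-Service", pszRealm + 1 );
    }

    return REX_OK;
}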
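/*
 * SCRIPT: ParseAAASRealm --- This script is referenced from the NAS
 * IncomingScript scripting point. It looks for a realm name on the user
 * name attribute as a hint of which AAA service and of which
 * SessionManager should be used for this request. If @<realm> is found,
 * the AAA service and SessionManager which have the same name as the
 * realm are selected.
 *
 * Returns REX_OK when no realm is present (including when no User-Name
 * can be found at all) or after the environment has been updated, and
 * REX_ERROR when rewriteUserName() fails.
 *
 * iScriptingPoint and pResponse are not used by this script.
 *
 * Security note: the realm comes from the client-supplied User-Name and
 * is used verbatim as the service and session-manager name, so the
 * requester chooses which ones are named. Compare it against a list of
 * permitted realms first if some of them must not be selectable this way.
 */
int REXAPI ParseAAASRealm(
    int iScriptingPoint,
    rex_AttributeDictionary_t* pRequest,
    rex_AttributeDictionary_t* pResponse,
    rex_EnvironmentDictionary_t* pEnviron )
{
    const char* pszRealm;
    const char* pszUserName = pEnviron->get( pEnviron, "User-Name" );

    /* Fall back to the request attribute when the environment has no name. */
    if( pszUserName == 0 || *pszUserName == '\0' )
    {
        pszUserName = pRequest->get( pRequest, "User-Name", 0, 0 );
    }

    /*
     * The request lookup is assumed to return 0 when the attribute is
     * missing, like the environment lookup above. strchr() on a null
     * pointer is undefined, so treat a missing name as "no realm".
     */
    if( pszUserName == 0 )
    {
        return REX_OK;
    }

    /* Split at the first '@'; a trailing '@' with nothing after it is ignored. */
    pszRealm = strchr( pszUserName, '@' );
    if( pszRealm != 0 && *(pszRealm + 1) != '\0' )
    {
        /*
         * NOTE(review): pszRealm points into the string fetched before
         * rewriteUserName() runs; confirm that call leaves it valid.
         */
        pszUserName = rewriteUserName( pRequest, pszUserName,
                                       pszRealm - pszUserName );
        if( pszUserName == 0 )
        {
            return REX_ERROR;
        }

        pEnviron->put( pEnviron, "User-Name", pszUserName );
        pEnviron->put( pEnviron, "Authentication-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Authorization-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Accounting-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Session-Manager", pszRealm + 1 );
    }

    return REX_OK;
}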
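/*
 * SCRIPT: ParseAASRealm --- This script is referenced from the NAS
 * IncomingScript scripting point. It looks for a realm name on the user
 * name attribute as a hint of which Authentication+Authorization
 * service and of which SessionManager should be used for this request.
 * If @<realm> is found, the AA service and the SessionManager which
 * have the same name as the realm are selected. The Accounting service
 * will be the DefaultAccountingService (as specified in the
 * configuration by the administrator).
 *
 * Returns REX_OK when no realm is present (including when no User-Name
 * can be found at all) or after the environment has been updated, and
 * REX_ERROR when rewriteUserName() fails.
 *
 * iScriptingPoint and pResponse are not used by this script.
 *
 * Security note: the realm comes from the client-supplied User-Name and
 * is used verbatim as the service and session-manager name, so the
 * requester chooses which ones are named. Compare it against a list of
 * permitted realms first if some of them must not be selectable this way.
 */
int REXAPI ParseAASRealm(
    int iScriptingPoint,
    rex_AttributeDictionary_t* pRequest,
    rex_AttributeDictionary_t* pResponse,
    rex_EnvironmentDictionary_t* pEnviron )
{
    const char* pszRealm;
    const char* pszUserName = pEnviron->get( pEnviron, "User-Name" );

    /* Fall back to the request attribute when the environment has no name. */
    if( pszUserName == 0 || *pszUserName == '\0' )
    {
        pszUserName = pRequest->get( pRequest, "User-Name", 0, 0 );
    }

    /*
     * The request lookup is assumed to return 0 when the attribute is
     * missing, like the environment lookup above. strchr() on a null
     * pointer is undefined, so treat a missing name as "no realm".
     */
    if( pszUserName == 0 )
    {
        return REX_OK;
    }

    /* Split at the first '@'; a trailing '@' with nothing after it is ignored. */
    pszRealm = strchr( pszUserName, '@' );
    if( pszRealm != 0 && *(pszRealm + 1) != '\0' )
    {
        /*
         * NOTE(review): pszRealm points into the string fetched before
         * rewriteUserName() runs; confirm that call leaves it valid.
         */
        pszUserName = rewriteUserName( pRequest, pszUserName,
                                       pszRealm - pszUserName );
        if( pszUserName == 0 )
        {
            return REX_ERROR;
        }

        /* Accounting-Service is deliberately left untouched here. */
        pEnviron->put( pEnviron, "User-Name", pszUserName );
        pEnviron->put( pEnviron, "Authentication-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Authorization-Service", pszRealm + 1 );
        pEnviron->put( pEnviron, "Session-Manager", pszRealm + 1 );
    }

    return REX_OK;
}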
The following scripts are the same as in the previous section, only they are written in Tcl.
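#
# SCRIPT: ParseAAARealm --- This script is referenced from the NAS
# IncomingScript scripting point. It looks for a realm name on the user
# name attribute as a hint of which AAA service should be used for this
# request. If @<realm> is found, the AAA service is selected which
# has the same name as the realm.
#
# The realm pattern accepts only letters and dots, so the realm ends at
# the first other character (a digit or hyphen, for example) and whatever
# follows it stays in the user name.
#
# Security note: the realm comes from the client-supplied User-Name and
# is used verbatim as the service name, so the requester chooses which
# service is named. Compare it against a list of permitted realms first
# if some configured services must not be selectable this way.
#
proc ParseAAARealm {request response environ} {
    set userName [ $environ get User-Name ]
    # Fall back to the request attribute when the environment has no name.
    if { [ string length $userName ] == 0 } {
        set userName [ $request get User-Name 0 bMore ]
    }
    # The capture group must be closed, otherwise the pattern does not
    # compile. -indices returns positions, so the matched "@realm" span is
    # removed literally rather than re-used as a pattern in which "." would
    # match any character.
    if { [ regexp -indices {@([a-zA-Z.]+)} $userName matchIdx realmIdx ] } {
        set realm [ string range $userName \
                        [ lindex $realmIdx 0 ] [ lindex $realmIdx 1 ] ]
        set head [ string range $userName 0 \
                       [ expr { [ lindex $matchIdx 0 ] - 1 } ] ]
        set tail [ string range $userName \
                       [ expr { [ lindex $matchIdx 1 ] + 1 } ] end ]
        set newUserName "$head$tail"
        $environ put User-Name $newUserName
        $environ put Authentication-Service $realm
        $environ put Authorization-Service $realm
        $environ put Accounting-Service $realm
    }
}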
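#
# SCRIPT: ParseAARealm --- This script is referenced from the NAS
# IncomingScript scripting point. It looks for a realm name on the user
# name attribute as a hint of which Authentication+Authorization service
# should be used for this request. If @<realm> is found, the AA service
# is selected which has the same name as the realm. The Accounting
# service will be the DefaultAccountingService (as specified in the
# configuration by the administrator).
#
# The realm pattern accepts only letters and dots, so the realm ends at
# the first other character (a digit or hyphen, for example) and whatever
# follows it stays in the user name.
#
# Security note: the realm comes from the client-supplied User-Name and
# is used verbatim as the service name, so the requester chooses which
# service is named. Compare it against a list of permitted realms first
# if some configured services must not be selectable this way.
#
proc ParseAARealm {request response environ} {
    set userName [ $environ get User-Name ]
    # Fall back to the request attribute when the environment has no name.
    if { [ string length $userName ] == 0 } {
        set userName [ $request get User-Name 0 bMore ]
    }
    # The capture group must be closed, otherwise the pattern does not
    # compile. -indices returns positions, so the matched "@realm" span is
    # removed literally rather than re-used as a pattern in which "." would
    # match any character.
    if { [ regexp -indices {@([a-zA-Z.]+)} $userName matchIdx realmIdx ] } {
        set realm [ string range $userName \
                        [ lindex $realmIdx 0 ] [ lindex $realmIdx 1 ] ]
        set head [ string range $userName 0 \
                       [ expr { [ lindex $matchIdx 0 ] - 1 } ] ]
        set tail [ string range $userName \
                       [ expr { [ lindex $matchIdx 1 ] + 1 } ] end ]
        set newUserName "$head$tail"
        # Accounting-Service is deliberately left untouched here.
        $environ put User-Name $newUserName
        $environ put Authentication-Service $realm
        $environ put Authorization-Service $realm
    }
}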
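#
# SCRIPT: ParseAAASRealm --- This script is referenced from the NAS
# IncomingScript scripting point. It looks for a realm name on the user
# name attribute as a hint of which AAA service and which SessionManager
# should be used for this request. If @<realm> is found, the AAA
# service and SessionManager are selected which have the same name as
# the realm.
#
# The realm pattern accepts only letters and dots, so the realm ends at
# the first other character (a digit or hyphen, for example) and whatever
# follows it stays in the user name.
#
# Security note: the realm comes from the client-supplied User-Name and
# is used verbatim as the service and session-manager name, so the
# requester chooses which ones are named. Compare it against a list of
# permitted realms first if some of them must not be selectable this way.
#
proc ParseAAASRealm {request response environ} {
    set userName [ $environ get User-Name ]
    # Fall back to the request attribute when the environment has no name.
    if { [ string length $userName ] == 0 } {
        set userName [ $request get User-Name 0 bMore ]
    }
    # The capture group must be closed, otherwise the pattern does not
    # compile. -indices returns positions, so the matched "@realm" span is
    # removed literally rather than re-used as a pattern in which "." would
    # match any character.
    if { [ regexp -indices {@([a-zA-Z.]+)} $userName matchIdx realmIdx ] } {
        set realm [ string range $userName \
                        [ lindex $realmIdx 0 ] [ lindex $realmIdx 1 ] ]
        set head [ string range $userName 0 \
                       [ expr { [ lindex $matchIdx 0 ] - 1 } ] ]
        set tail [ string range $userName \
                       [ expr { [ lindex $matchIdx 1 ] + 1 } ] end ]
        set newUserName "$head$tail"
        $environ put User-Name $newUserName
        $environ put Authentication-Service $realm
        $environ put Authorization-Service $realm
        $environ put Accounting-Service $realm
        $environ put Session-Manager $realm
    }
}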
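#
# SCRIPT: ParseAASRealm --- This script is referenced from the NAS
# IncomingScript scripting point. It looks for a realm name on the user
# name attribute as a hint of which Authentication+Authorization service
# and of which SessionManager should be used for this request. If
# @<realm> is found, the AA service and the SessionManager which have
# the same name as the realm are selected. The Accounting service will
# be the DefaultAccountingService (as specified in the configuration by
# the administrator).
#
# The realm pattern accepts only letters and dots, so the realm ends at
# the first other character (a digit or hyphen, for example) and whatever
# follows it stays in the user name.
#
# Security note: the realm comes from the client-supplied User-Name and
# is used verbatim as the service and session-manager name, so the
# requester chooses which ones are named. Compare it against a list of
# permitted realms first if some of them must not be selectable this way.
#
proc ParseAASRealm {request response environ} {
    set userName [ $environ get User-Name ]
    # Fall back to the request attribute when the environment has no name.
    if { [ string length $userName ] == 0 } {
        set userName [ $request get User-Name 0 bMore ]
    }
    # The capture group must be closed, otherwise the pattern does not
    # compile. -indices returns positions, so the matched "@realm" span is
    # removed literally rather than re-used as a pattern in which "." would
    # match any character.
    if { [ regexp -indices {@([a-zA-Z.]+)} $userName matchIdx realmIdx ] } {
        set realm [ string range $userName \
                        [ lindex $realmIdx 0 ] [ lindex $realmIdx 1 ] ]
        set head [ string range $userName 0 \
                       [ expr { [ lindex $matchIdx 0 ] - 1 } ] ]
        set tail [ string range $userName \
                       [ expr { [ lindex $matchIdx 1 ] + 1 } ] end ]
        set newUserName "$head$tail"
        # Accounting-Service is deliberately left untouched here.
        $environ put User-Name $newUserName
        $environ put Authentication-Service $realm
        $environ put Authorization-Service $realm
        $environ put Session-Manager $realm
    }
}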
Posted: Thu Aug 19 08:10:11 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.