adva_user 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README +114 -0
- data/README.md +29 -0
- data/Rakefile +2 -0
- data/adva_user.gemspec +17 -0
- data/app/controllers/admin/base_account_controller.rb +13 -0
- data/app/controllers/admin/users_controller.rb +95 -0
- data/app/controllers/password_controller.rb +36 -0
- data/app/controllers/session_controller.rb +30 -0
- data/app/helpers/users_helper.rb +27 -0
- data/app/models/account.rb +7 -0
- data/app/models/membership.rb +16 -0
- data/app/models/password_mailer.rb +43 -0
- data/app/models/user.rb +106 -0
- data/app/views/admin/users/_form.html.erb +29 -0
- data/app/views/admin/users/_sidebar.html.erb +8 -0
- data/app/views/admin/users/edit.html.erb +7 -0
- data/app/views/admin/users/index.html.erb +13 -0
- data/app/views/admin/users/new.html.erb +5 -0
- data/app/views/admin/users/show.html.erb +27 -0
- data/app/views/layouts/login.html.erb +24 -0
- data/app/views/password/edit.html.erb +14 -0
- data/app/views/password/new.html.erb +13 -0
- data/app/views/password_mailer/reset_password_email.html.erb +3 -0
- data/app/views/password_mailer/updated_password_email.html.erb +1 -0
- data/app/views/session/new.html.erb +17 -0
- data/config/initializers/menus.rb +25 -0
- data/config/routes.rb +14 -0
- data/db/migrate/20080402000001_create_users_table.rb +33 -0
- data/db/migrate/20080402000005_create_memberships_table.rb +13 -0
- data/db/migrate/20090625124502_create_accounts.rb +13 -0
- data/db/migrate/20090625133231_add_account_to_user.rb +10 -0
- data/lib/action_controller/authenticate_anonymous.rb +70 -0
- data/lib/action_controller/authenticate_user.rb +201 -0
- data/lib/active_record/belongs_to_author.rb +37 -0
- data/lib/adva_user.rb +28 -0
- data/lib/adva_user/version.rb +3 -0
- data/lib/login/helper_integration.rb +11 -0
- data/lib/login/mail_config.rb +39 -0
- data/test/contexts.rb +42 -0
- data/test/fixtures.rb +18 -0
- data/test/functional/admin/users_controller_test.rb +176 -0
- data/test/functional/password_controller_test.rb +96 -0
- data/test/functional/session_controller_test.rb +1 -0
- data/test/functional/user_controller_test.rb +95 -0
- data/test/integration/anonymous_login_test.rb +39 -0
- data/test/integration/edit_user_test.rb +44 -0
- data/test/integration/memberships_test.rb +52 -0
- data/test/integration/user_deletion_test.rb +27 -0
- data/test/integration/user_login_test.rb +53 -0
- data/test/integration/user_login_with_remember_me_test.rb +20 -0
- data/test/integration/user_registration_test.rb +64 -0
- data/test/test_helper.rb +1 -0
- data/test/unit/cells/user_cell_test.rb +13 -0
- data/test/unit/helpers/users_helper_test.rb +52 -0
- data/test/unit/models/account_test.rb +21 -0
- data/test/unit/models/anonymous_test.rb +54 -0
- data/test/unit/models/password_mailer_test.rb +26 -0
- data/test/unit/models/user_mailer_test.rb +16 -0
- data/test/unit/models/user_test.rb +173 -0
- data/vendor/gems/authentication/.gitignore +17 -0
- data/vendor/gems/authentication/Gemfile +4 -0
- data/vendor/gems/authentication/LICENSE +22 -0
- data/vendor/gems/authentication/MIT-LICENSE +38 -0
- data/vendor/gems/authentication/README +39 -0
- data/vendor/gems/authentication/README.md +29 -0
- data/vendor/gems/authentication/RUNNING_UNIT_TESTS +13 -0
- data/vendor/gems/authentication/Rakefile +61 -0
- data/vendor/gems/authentication/authentication.gemspec +17 -0
- data/vendor/gems/authentication/lib/authentication.rb +270 -0
- data/vendor/gems/authentication/lib/authentication/active_record_extensions.rb +11 -0
- data/vendor/gems/authentication/lib/authentication/bogus.rb +13 -0
- data/vendor/gems/authentication/lib/authentication/hash_helper.rb +26 -0
- data/vendor/gems/authentication/lib/authentication/ldap.rb +49 -0
- data/vendor/gems/authentication/lib/authentication/remember_me.rb +52 -0
- data/vendor/gems/authentication/lib/authentication/salted_hash.rb +53 -0
- data/vendor/gems/authentication/lib/authentication/single_token.rb +53 -0
- data/vendor/gems/authentication/lib/authentication/version.rb +3 -0
- data/vendor/gems/authentication/lib/radius/dictionary +207 -0
- data/vendor/gems/authentication/test_backup/abstract_unit.rb +30 -0
- data/vendor/gems/authentication/test_backup/active_record_extension_test.rb +17 -0
- data/vendor/gems/authentication/test_backup/authentication_test.rb +231 -0
- data/vendor/gems/authentication/test_backup/database.yml +12 -0
- data/vendor/gems/authentication/test_backup/fixtures/user.rb +3 -0
- data/vendor/gems/authentication/test_backup/fixtures/users.yml +3 -0
- data/vendor/gems/authentication/test_backup/options_test.rb +100 -0
- data/vendor/gems/authentication/test_backup/remember_me_test.rb +41 -0
- data/vendor/gems/authentication/test_backup/salted_hash_test.rb +38 -0
- data/vendor/gems/authentication/test_backup/schema.rb +10 -0
- data/vendor/gems/authentication/test_backup/single_token_test.rb +44 -0
- data/vendor/gems/authentication/test_backup/test_helper.rb +8 -0
- metadata +157 -0
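--- a/data/vendor/gems/authentication/lib/authentication/active_record_extensions.rb
+++ b/data/vendor/gems/authentication/lib/authentication/active_record_extensions.rb
@@ -0,0 +1,11 @@
+class ActiveRecord::Base
+# Utility method to easily see if the model contains all columns
+# given. Most authentication modules use this to see if they are
+# enabled or not by checking for their required columns.
+def self.includes_all_columns?(*columns)
+columns = columns.flatten.compact
+columns.collect! {|c| c.to_s}
+
+columns.all? {|c| self.column_names.include? c}
+end
+end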
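--- a/data/vendor/gems/authentication/lib/authentication/bogus.rb
+++ b/data/vendor/gems/authentication/lib/authentication/bogus.rb
@@ -0,0 +1,13 @@
+module Authentication
+
+# A fake authentication system for use in a development environments.
+# This is ideal for cases where the productino environment uses some
+# complex authentication that cannot be simulated in the development
+# environment easily.
+class Bogus
+
+# Any password will authenticate. This is to encourage people
+# to not use this in the production environment.
+def authenticate(user, password); true end
+end
+end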
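Review bot: `Bogus#authenticate` returns true for every user and password, and nothing in the class stops it from being configured outside development; the comment above it is the only safeguard. Since the sibling hash_helper.rb already relies on `Rails`, the method could refuse to run elsewhere, for example with `raise 'Authentication::Bogus is for development and test only' unless Rails.env.development? || Rails.env.test?` as its first statement. The class comment also has two typos worth fixing (`a development environments`, `productino`).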
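--- a/data/vendor/gems/authentication/lib/authentication/hash_helper.rb
+++ b/data/vendor/gems/authentication/lib/authentication/hash_helper.rb
@@ -0,0 +1,26 @@
+require 'digest/sha1'
+
+module Authentication
+
+# Generating a hash is a common task across many authentication
+# modules. This mixin makes the task easier.
+module HashHelper
+protected
+
+# Will hash the given string based on the given salt. The default
+# salt is the site salt. This is defined by the constant
+# AUTHENTICATION_SALT. If not defined then the installation
+# directory of the application will be used as the site salt.
+def hash_string(string, salt=site_salt)
+Digest::SHA1.hexdigest("#{salt}---#{string}")
+end
+
+private
+
+# Will retrieve the site salt.
+def site_salt
+return AUTHENTICATION_SALT if Object.const_defined? 'AUTHENTICATION_SALT'
+File.expand_path Rails.root
+end
+end
+end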
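Review bot: `hash_string` is a single round of salted SHA-1, which is fast enough to make offline guessing of stored password hashes cheap, and SaltedHash uses it directly for `password_hash`. A deliberately slow key-derivation function is the usual choice for the password path, for example `OpenSSL::PKCS5.pbkdf2_hmac(string, salt, iterations, 32, OpenSSL::Digest.new('SHA256'))` with a stored iteration count, keeping the plain digest only for random tokens; the 40-character column described in salted_hash.rb would need widening and existing hashes a migration path. Separately, `site_salt` silently falls back to `File.expand_path Rails.root`, a value that is often guessable, so raising when `AUTHENTICATION_SALT` is undefined would be safer than the fallback.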
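--- a/data/vendor/gems/authentication/lib/authentication/ldap.rb
+++ b/data/vendor/gems/authentication/lib/authentication/ldap.rb
@@ -0,0 +1,49 @@
+require 'ldap'
+
+module Authentication
+
+class Ldap
+attr_reader :options
+
+def initialize(options={})
+@options = options.reverse_merge(
+:host => '127.0.0.1',
+:port => LDAP::LDAP_PORT,
+:base => "dc=example,dc=com",
+:bind_dn => nil,
+:bind_password => nil,
+:uid_attribute => "uid", # uid for ldap ; sAMAccountName for AD
+:uid_column => 'name'
+)
+end
+
+def authenticate(user, password)
+# connect to the ldap server
+conn = LDAP::Conn.new(options[:host],options[:port])
+# using proto v3
+conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+# optionally bind as specific user
+conn.bind(options[:bind_dn],options[:bind_password]) if options[:bind_dn]
+# get the user uid from active record object
+uid = user.send options[:uid_column]
+# search the DN is the ldap using the uid on the specified attribute
+res = conn.search2(options[:base],LDAP::LDAP_SCOPE_SUBTREE,"#{options[:uid_attribute]}=#{uid}",['dn'])
+if ! res.empty?
+dn = res[0]['dn'][0]
+begin
+conn.unbind if conn.bound?
+conn.simple_bind(dn,password)
+conn.unbind
+conn = nil
+return true
+rescue LDAP::ResultError => e
+return false
+end
+end
+return false
+end
+
+end
+
+end
+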
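Review bot: `authenticate` passes `password` straight to `conn.simple_bind(dn,password)`, and many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, so a blank password could make this method return true. A guard at the top of the method, `return false if password.to_s.empty?`, closes that. The search filter `"#{options[:uid_attribute]}=#{uid}"` also interpolates the user's value unescaped, so filter metacharacters in it change the query; escaping `\`, `*`, `(`, `)` and NUL as RFC 4515 describes before interpolation avoids that. The connection is a plain `LDAP::Conn` with no TLS visible here, and it can be left bound when `search2` raises or returns no entry; an `ensure` that unbinds would cover both exits.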
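--- a/data/vendor/gems/authentication/lib/authentication/remember_me.rb
+++ b/data/vendor/gems/authentication/lib/authentication/remember_me.rb
@@ -0,0 +1,52 @@
+require 'authentication/hash_helper'
+
+module Authentication
+
+# This token module works mostly like the SingleToken module with
+# three differences:
+#
+# * It uses a different field name (remember_me CHAR(40))
+# * It doesn't care about any expiration time set
+# * It will only assign a token if the token name is /remember.?me/i
+#
+# This module is ideally suited for the remember me functionality
+# because of these changes. This module would probably not be
+# necessary if you are using a token module that supports more than
+# one token. Since the default one (SingleToken) only supports one
+# we need a seperate module for the remember me functionality so
+# we can basically now store two tokens by default.
+#
+# This module supports the same "verified_at" hidden feature that
+# the Authentication::SaltedHash module supports
+class RememberMe
+include HashHelper
+
+# Will test to see if the given remember me key is valid
+def authenticate(user, key)
+return false unless valid_model? user
+return false unless key.to_s.length == 40
+
+conditions = ['id = ? AND remember_me = ?', user.id, hash_string(key)]
+conditions[0] << ' AND verified_at IS NOT NULL' if user.respond_to? :verified_at
+0 < user.class.count(:conditions => conditions)
+end
+
+# Will create a new remember me token. We will ignore the expiration
+# since a remember me is always forever.
+def assign_token(user, name, expire=nil)
+return nil unless valid_model? user
+return nil unless name =~ /remember.?me/i
+
+token = hash_string "remember-me-#{Time.zone.now}"
+user.remember_me = hash_string token
+token
+end
+
+private
+
+# This functionality is only used if remember me an available column
+def valid_model?(user)
+user.class.column_names.include? 'remember_me'
+end
+end
+end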
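Review bot: `assign_token` derives the token from `hash_string "remember-me-#{Time.zone.now}"`, so its only inputs are the site salt and a timestamp; anyone who knows or guesses the salt (hash_helper.rb falls back to the install path) can compute the candidate tokens for a time window. A random value of the same length keeps the 40-character check in `authenticate` working: `token = SecureRandom.hex(20)` with `require 'securerandom'` at the top of the file. The same time-derived pattern appears in single_token.rb (`"token-#{Time.zone.now}"`) and in salted_hash.rb for `password_salt`. Remember-me tokens never expire here by design, so clearing `remember_me` on logout and on password change matters; that code is not visible in this section.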
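--- a/data/vendor/gems/authentication/lib/authentication/salted_hash.rb
+++ b/data/vendor/gems/authentication/lib/authentication/salted_hash.rb
@@ -0,0 +1,53 @@
+require 'authentication/hash_helper'
+
+module Authentication
+# Implements a basic salted hash authentication is the model's table.
+# The model must implement the fields "password_hash" and
+# "password_salt". If those fields are not implemented then this
+# module cannot authenticate the user. These fields should be a
+# string of 40 characters.
+#
+# NOTE: Some concepts here were borrowed from the Salted Login
+# Generator/Engine. I am not a security expert but this seems like it
+# would be quite safe and implements "best practice" methods for
+# authentication. I'm sure there are better ones but this is much
+# better than my old apps which used clear text passwords in the
+# databse. :)
+#
+# NOTE: There is a hidden feature here. If the model contains
+# the column "verified_at" then the user will not authenticate
+# until the verified_at column has a value. This is to support the
+# common practice of requiring a user to verify their email address
+# before being able to login. If the column is not defined then
+# the user can login as long as their password is correct.
+class SaltedHash
+include HashHelper
+
+# Carries out actual authentication procedure. If the password
+# given is correct for the given user then true is returned.
+# Otherwise false will be returned.
+def authenticate(user, password)
+return false unless valid_model?(user)
+
+password_hash = hash_string password, user.password_salt
+conditions = ['id = ? AND password_hash = ?', user.id, password_hash]
+conditions[0] << ' AND verified_at IS NOT NULL' if user.respond_to? :verified_at
+0 < user.class.where(conditions).count
+end
+
+# Will assign a new password for the given user.
+def assign_password(user, password)
+return unless valid_model? user
+
+user.password_salt = hash_string "salt-#{Time.zone.now}"
+user.password_hash = hash_string password, user.password_salt
+end
+
+private
+
+# True if password_hash and password_salt not in the table
+def valid_model?(user)
+user.class.includes_all_columns? :password_hash, :password_salt
+end
+end
+end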
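Review bot: The comment above `valid_model?` says the opposite of what the method returns: `includes_all_columns? :password_hash, :password_salt` is true when both columns exist, not when they are missing. Suggested wording: `# True if the model's table has both password_hash and password_salt columns`. As a style point, this file queries with `user.class.where(conditions).count` while remember_me.rb and single_token.rb use `count(:conditions => conditions)`; one form should be used throughout, and `user.class.where(conditions).exists?` states the intent more directly than comparing a count with zero.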
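--- a/data/vendor/gems/authentication/lib/authentication/single_token.rb
+++ b/data/vendor/gems/authentication/lib/authentication/single_token.rb
@@ -0,0 +1,53 @@
+require 'authentication/hash_helper'
+
+module Authentication
+# Implements a token with expiration that is stored on the model
+# being authenticated. This is designed to implement the common
+# practice of having a token in the URL that will automatically
+# authenticate the user.
+#
+# The model should implement the fields "token_key" (a 40 character
+# field) and "token_expiration" (a datetime field). If they are not
+# implemented this class cannot authenticate or assign tokens.
+#
+# This token module is called SingleToken because it only can
+# store one token. If another token is assigned the first is lost
+# and will not authenticate the user anymore. For common needs such
+# as forgot my password and account restoration this is fine.
+#
+# This token does NOT honor the verified_at field that the
+# Authentication::SaltedHash module and Authentication::RememberMe
+# module do since this token may be used to actually implement the
+# email verification.
+class SingleToken
+include HashHelper
+
+# Will test to see if the given key is valid for the given user
+def authenticate(user, key)
+return false unless valid_model? user
+return false unless key.to_s.length == 40
+
+conditions = [
+'id = ? AND token_key = ? AND (token_expiration >= ? OR token_expiration IS NULL)',
+user.id, hash_string(key), Time.zone.now
+]
+0 < user.class.count(:conditions => conditions)
+end
+
+# Will create a new token for the given user with the given expiration
+def assign_token(user, name, expire)
+return nil unless valid_model? user
+
+user.token_expiration = expire
+token = hash_string "token-#{Time.zone.now}"
+user.token_key = hash_string token
+token
+end
+
+private
+
+def valid_model?(user)
+user.class.includes_all_columns? :token_key, :token_expiration
+end
+end
+end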
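Review bot: `authenticate` accepts `token_expiration IS NULL` as valid, so a token assigned with `expire` set to nil never expires, and nothing in this class clears `token_key` after a successful match. For the password-reset and account-restoration uses the class comment describes, that leaves a reusable login credential in a URL, which can persist in server logs and browser history. Requiring an expiry in `assign_token` (`raise ArgumentError, 'expire is required' if expire.nil?`) and dropping the `OR token_expiration IS NULL` branch would bound the exposure. Invalidating the token after use may happen in the caller, which is outside this section.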
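--- a/data/vendor/gems/authentication/lib/radius/dictionary
+++ b/data/vendor/gems/authentication/lib/radius/dictionary
@@ -0,0 +1,207 @@
+#
+# This file contains dictionary translations for parsing
+# requests and generating responses. All transactions are
+# composed of Attribute/Value Pairs. The value of each attribute
+# is specified as one of 4 data types. Valid data types are:
+#
+# string - 0-253 octets
+# ipaddr - 4 octets in network byte order
+# integer - 32 bit value in big endian order (high byte first)
+# date - 32 bit value in big endian order - seconds since
+# 00:00:00 GMT, Jan. 1, 1970
+#
+# Enumerated values are stored in the user file with dictionary
+# VALUE translations for easy administration.
+#
+# Example:
+#
+# ATTRIBUTE VALUE
+# --------------- -----
+# Framed-Protocol = PPP
+# 7 = 1 (integer encoding)
+#
+
+
+
+#
+# Proper names for everything - use this instead of the above
+#
+ATTRIBUTE User-Name 1 string
+ATTRIBUTE User-Password 2 string
+ATTRIBUTE CHAP-Password 3 string
+ATTRIBUTE NAS-IP-Address 4 ipaddr
+ATTRIBUTE NAS-Port 5 integer
+ATTRIBUTE Service-Type 6 integer
+ATTRIBUTE Framed-Protocol 7 integer
+ATTRIBUTE Framed-IP-Address 8 ipaddr
+ATTRIBUTE Framed-IP-Netmask 9 ipaddr
+ATTRIBUTE Framed-Routing 10 integer
+ATTRIBUTE Filter-Id 11 string
+ATTRIBUTE Framed-MTU 12 integer
+ATTRIBUTE Framed-Compression 13 integer
+ATTRIBUTE Login-IP-Host 14 ipaddr
+ATTRIBUTE Login-Service 15 integer
+ATTRIBUTE Login-TCP-Port 16 integer
+ATTRIBUTE Reply-Message 18 string
+ATTRIBUTE Callback-Number 19 string
+ATTRIBUTE Callback-Id 20 string
+ATTRIBUTE Expiration 21 date
+ATTRIBUTE Framed-Route 22 string
+ATTRIBUTE Framed-IPX-Network 23 ipaddr
+ATTRIBUTE State 24 string
+ATTRIBUTE Session-Timeout 27 integer
+ATTRIBUTE Idle-Timeout 28 integer
+ATTRIBUTE Termination-Action 29 integer
+ATTRIBUTE Called-Station-Id 30 string
+ATTRIBUTE Calling-Station-Id 31 string
+ATTRIBUTE Acct-Status-Type 40 integer
+ATTRIBUTE Acct-Delay-Time 41 integer
+ATTRIBUTE Acct-Input-Octets 42 integer
+ATTRIBUTE Acct-Output-Octets 43 integer
+ATTRIBUTE Acct-Session-Id 44 string
+ATTRIBUTE Acct-Authentic 45 integer
+ATTRIBUTE Acct-Session-Time 46 integer
+ATTRIBUTE Acct-Terminate-Cause 49 integer
+ATTRIBUTE NAS-Port-Type 61 integer
+ATTRIBUTE Port-Limit 62 integer
+
+
+#
+# Integer Translations
+#
+
+# User Types
+
+VALUE Service-Type Login-User 1
+VALUE Service-Type Framed-User 2
+VALUE Service-Type Callback-Login-User 3
+VALUE Service-Type Callback-Framed-User 4
+VALUE Service-Type Outbound-User 5
+VALUE Service-Type Administrative-User 6
+VALUE Service-Type NAS-Prompt-User 7
+
+# Framed Protocols
+
+VALUE Framed-Protocol PPP 1
+VALUE Framed-Protocol SLIP 2
+
+# Framed Routing Values
+
+VALUE Framed-Routing None 0
+VALUE Framed-Routing Broadcast 1
+VALUE Framed-Routing Listen 2
+VALUE Framed-Routing Broadcast-Listen 3
+
+# Framed Compression Types
+
+VALUE Framed-Compression None 0
+VALUE Framed-Compression Van-Jacobson-TCP-IP 1
+
+# Login Services
+
+VALUE Login-Service Telnet 0
+VALUE Login-Service Rlogin 1
+VALUE Login-Service TCP-Clear 2
+VALUE Login-Service PortMaster 3
+
+# Status Types
+
+VALUE Acct-Status-Type Start 1
+VALUE Acct-Status-Type Stop 2
+
+# Authentication Types
+
+VALUE Acct-Authentic RADIUS 1
+VALUE Acct-Authentic Local 2
+VALUE Acct-Authentic PowerLink128 100
+
+# Termination Options
+
+VALUE Termination-Action Default 0
+VALUE Termination-Action RADIUS-Request 1
+
+# NAS Port Types, available in ComOS 3.3.1 and later
+
+VALUE NAS-Port-Type Async 0
+VALUE NAS-Port-Type Sync 1
+VALUE NAS-Port-Type ISDN 2
+VALUE NAS-Port-Type ISDN-V120 3
+VALUE NAS-Port-Type ISDN-V110 4
+
+# Acct Terminate Causes, available in ComOS 3.3.2 and later
+
+VALUE Acct-Terminate-Cause User-Request 1
+VALUE Acct-Terminate-Cause Lost-Carrier 2
+VALUE Acct-Terminate-Cause Lost-Service 3
+VALUE Acct-Terminate-Cause Idle-Timeout 4
+VALUE Acct-Terminate-Cause Session-Timeout 5
+VALUE Acct-Terminate-Cause Admin-Reset 6
+VALUE Acct-Terminate-Cause Admin-Reboot 7
+VALUE Acct-Terminate-Cause Port-Error 8
+VALUE Acct-Terminate-Cause NAS-Error 9
+VALUE Acct-Terminate-Cause NAS-Request 10
+VALUE Acct-Terminate-Cause NAS-Reboot 11
+VALUE Acct-Terminate-Cause Port-Unneeded 12
+VALUE Acct-Terminate-Cause Port-Preempted 13
+VALUE Acct-Terminate-Cause Port-Suspended 14
+VALUE Acct-Terminate-Cause Service-Unavailable 15
+VALUE Acct-Terminate-Cause Callback 16
+VALUE Acct-Terminate-Cause User-Error 17
+VALUE Acct-Terminate-Cause Host-Request 18
+
+
+#
+# Obsolete names for backwards compatibility with older users files
+# If you want RADIUS accounting logs to use the new names instead of
+# these, move this section to the beginning of the dictionary file
+# and kill and restart radiusd
+# If you don't have a RADIUS 1.16 users file that you're still using,
+# you can delete or ignore this section.
+#
+ATTRIBUTE Client-Id 4 ipaddr
+ATTRIBUTE Client-Port-Id 5 integer
+ATTRIBUTE User-Service-Type 6 integer
+ATTRIBUTE Framed-Address 8 ipaddr
+ATTRIBUTE Framed-Netmask 9 ipaddr
+ATTRIBUTE Framed-Filter-Id 11 string
+ATTRIBUTE Login-Host 14 ipaddr
+ATTRIBUTE Login-Port 16 integer
+ATTRIBUTE Old-Password 17 string
+ATTRIBUTE Port-Message 18 string
+ATTRIBUTE Dialback-No 19 string
+ATTRIBUTE Dialback-Name 20 string
+ATTRIBUTE Challenge-State 24 string
+VALUE Service-Type Dialback-Login-User 3
+VALUE Service-Type Dialback-Framed-User 4
+VALUE Service-Type Shell-User 6
+VALUE Framed-Compression Van-Jacobsen-TCP-IP 1
+#VALUE Auth-Type Unix 1
+#
+# END of obsolete names for backwards compatibility
+#
+
+#
+# Configuration Values
+# uncomment out these two lines to turn account expiration on
+#
+
+#VALUE Server-Config Password-Expiration 30
+#VALUE Server-Config Password-Warning 5
+
+##
+## VENDOR SPECIFIC ATTRIBUTES
+##
+## The following entries demonstrate the use of VSAs
+##
+
+# cisco-avpair is used for various functions by cisco IOS. Most
+# notably, it's used to create VPDN tunnels.
+#
+VENDORATTR 9 cisco-avpair 1 string
+
+# This is a fake attribute to demonstrate how to write named-value
+# attributes.
+VENDORATTR 1 ibm-enum 254 integer
+VENDORVALUE 1 ibm-enum value-1 1
+VENDORVALUE 1 ibm-enum value-2 2
+VENDORVALUE 1 ibm-enum value-3 3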