--- checkrad.pl.orig Sun Nov 4 21:44:30 2001 +++ checkrad Sun Nov 4 21:39:41 2001 @@ -27,6 +27,7 @@ # multitech_snmp 1.0 Author: ehonzay@willmar.com # netserver_telnet 1.0 Author: mts@interplanet.es # versanet_snmp 1.0 Author: support@versanetcomm.com +# cisco_compat_snmp 1.0 Author: hazard@hazard.maks.net # # Config: $debug is the file you want to put debug messages in # $snmpget is the location of your ``snmpget'' program @@ -269,6 +270,45 @@ } # +# See if the user is logged in using the Cisco POP MGMT MIB +# Much slower than the standard subroutine, but a lot more compatible +# with various flavours of IOS +# +$csm = '.iso.org.dod.internet.private.enterprises.9'; +sub cisco_compat_snmp { + my $nas_ip = $ARGV[1]; + my $nas_port = $ARGV[2]; + my $login = $ARGV[3]; + my $session_id = hex($ARGV[4]); + my $community = $ARGV[5]; + + my $portlist_oid = ".iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.11"; + my $userlist_oid = ".iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3"; + + my (@portlist, @userlist, $login_found, $uniq_id); + + if (-e $snmpwalk && -x $snmpwalk) { + # + # Get a list of logged in users via snmpwalk + # + @portlist = `$snmpwalk $ARGV[1] $ARGV[5] $portlist_oid`; + + # There cannot be more than one entry... + $uniq_id = (grep (/\d+.\d+ = $nas_port/, @portlist))[0]; + $uniq_id =~ m/(\d+).\d+ = $nas_port/; $uniq_id = $1; + + if ($uniq_id) { + $login_found = snmpget($ARGV[1], $ARGV[5], "$userlist_oid.$uniq_id.0"); + } + } + + print LOG " user with session id $ARGV[4] ($session_id): $login_found\n" if ($debug); + + ($login_found eq $login) ? 1 : 0; +} + + +# # See if the user is logged in using the Cisco MIB # $csm = '.iso.org.dod.internet.private.enterprises.9'; @@ -902,6 +942,8 @@ $ret = &livingston_snmp; } elsif ($ARGV[0] eq 'cisco') { $ret = &cisco_snmp; +} elsif ($ARGV[0] eq 'cisco_compat') { + $ret = &cisco_compat_snmp; } elsif ($ARGV[0] eq 'multitech') { $ret = &multitech_snmp; } elsif ($ARGV[0] eq 'computone') {