Knowing from which udp socket the Radius request came. Using FreeRadius - configuration-files

I know the question isn't very well. Sorry my english.
I want to setup a (one instance of) FreeRadius server to listen to several ports (with a bunch of 'listen' sections) and then pass the that udp port as a parameter along with User-Name and User-Password to a script that I want to use to make the authentication.
The basic idea is make some kind of domain separation. Some Firewall use radius port 2000 to make authentication. Some other different firewall (with a different set of users) use radius port 2020, for example. At the end, all the request fall in the same script that has the knowledge of both set of users and use one or the other according to the given extra attribute (port number)
I know that is possible making a virtual server per 'domain'. but I prefer not to replicate configuration files. and i think is shorter to add a little 'listen' section for every domain I want.
I tried to add an atribute this way:
listen {
ipaddr = *
port = 0
type = auth
update control {
Login-TCP-Port = 1812
}
}
and tried to read it:
autorize {
if ("%{User-Name}" == "bob") {
update reply {
Reply-Message = "This is only %{Login-TCP-Port} an example."
}
update control {
Cleartext-Password := "bob"
}
ok
}
[...]
}
But don't work.
How can i make it right?
Is this posible?
Hope you can help me.

I'm answering myself. I found (looking a like further on google) that the Packet-Dst-Port attribute have the data that I want.
I get it from here (now that I found it, look pretty obvious :P)

Related

Metatrader 5 Python Socket/Websocket communication 4014 error

I am trying to create a communication interface between a python socket server and a Metatrader 5 Expert Advisor.
I've tried multiple approaches and tutorial's I found online for both sockets and websockets. All of these approaches yield the same problem.
Whenever I start a debug on live/historical data, I get a Socket creation error with code 4014. According to the error codes it is a "Function is not allowed for call" error.
Multiple sources recommended to allow web request from specified URL's. Ive done this as well for 127.0.0.1 and localhost. (Tools > options > Expert Advisors)
Why am I getting a function not allowed for call error, and how can this be fixed?
Expert code:
int socket=SocketCreate();
int OnInit()
{
if(SocketConnect(socket,"127.0.0.1",9090,1000))
{
Print("Connected to "," 127.0.0.1",":",9090);
}
else
{
Print(GetLastError());
}
return(INIT_SUCCEEDED);
}
void OnDeinit(const int reason)
{
SocketClose(socket);
}
void OnTick()
{
SocketClose(socket);
}
We had similar issue in the past and was resolved it by adding the hostname/IP to connect to to the list of allowed URLs in Tools->Options->Expert Advisor.
You can also use a MetaApi service to communicate with MetaTrader via developer-friendly SDKs and code your expert advisor in Javascript, Java or Python.
Hope this is useful to some degree.
I faced the same problem.
Works for me: to point exactly '127.0.0.1' (without upper commas) in address input field.
Also, check your firewall settings - it may block your ports.
The best regards.

Milo: get IP of client

Is there a way to get a Clients IP in Context of a write?
I want to get the IP of an Client that writes to my Milo-OPCUA-Server, so I can handle these writes differently based on the Clients IP (local Clients should be able to write directly on the Server, whilst other writes should get forwarded to another Server)
Okay, this is not part of any official API right now, so it almost certainly will break in the future, but:
With the OperationContext you get when implementing AttributeManager#write(WriteContext, List<WriteValue>):
context.getSession().ifPresent(session -> {
UaStackServer stackServer = context.getServer().getServer();
if (stackServer instanceof UaTcpStackServer) {
ServerSecureChannel secureChannel = ((UaTcpStackServer) stackServer)
.getSecureChannel(session.getSecureChannelId());
Channel channel = secureChannel.attr(UaTcpStackServer.BoundChannelKey).get();
SocketAddress remoteAddress = channel.remoteAddress();
}
});
I'll have to add some official API to do this, probably something hanging off the Session object.

How can I redirect hundreds of hostnames to other hostnames using nginx

I have a system where many (~20k) subdomains use nginx's default_server, which passes the work off to an app.
I also have many (~100) hostnames that need to be redirected to a correct one, that is different for each hostname and that would then redirect to the default_server.
one.example.com -> eleven.example.com
two.example.com -> twelve.domain.com
three.example.com -> wibble.example.com
blah.domain.com -> fifteen.example.com
The redirects are arbitrary, ie there is no pattern to them.
Rather than having to update nginx config to add a new server block whenever a new redirect is needed or updated I'd prefer to use a map file of some sort that nginx can check for redirects.
Sadly having searched about quite a bit I've not found anything like it, all examples I've found use a new server block for each redirecting host or use regexes. I'd prefer to be able to update a map file or database on the fly that nginx can refer to.
My current best option I have is to update the background app to apply the redirects.
I did previously find the map but it wasn't clear that it could be used in this way and none of the examples showed it. Saying that it turned out to be quite easy.
This is what I have that seems to work;
map $host $redirect_host {
hostnames;
one.david.org eleven.david.org;
two.david.org twelve.steve.org;
three.steve.org thirteen.david.org;
four.steve.org fourteen.steve.org;
}
server {
...
if ($redirect_host) {
return 301 $scheme://$redirect_host$request_uri;
}
...
}
It's a shame that this solution requires nginx restart, but it's not a big deal.

Dual Base URL in Moodle

I have installed the XAMPP and Moodle 2.5 inside it.
Along side, I've also installed No-ip client to convert this to a webserver.
Now my question is, I woud like to have this server reacheble from my intranet and from outside.
My config.php file have base url like:
$CFG->wwwroot = 'http://172.16.1.1/exam';
$CFG->dataroot = 'H:\\xampp\\moodledata';
$CFG->admin = 'admin';
But not limited to local ip address, I want to use it as webserver to access it from internet. Please suggest me how to set the base url to use it from internet and also from my intranet.
The simplest solution is use a domain name which can be accessed from both internet and internal machines.
Failing that, the Moodle config file is simply a PHP file so you can do something like this:
if (access_via_internet()) {
$CFG->wwwroot = WEBROOT_FOR_INTERNET_ACCESS;
} else if (access_via_intranet()) {
$CFG->wwwroot = WEBROOT_FOR_INTRANET_ACCESS;
} else {
throw new Exception("Ye cannae change the laws of physics");
}
function access_via_internet() {
// Do something to detect access via the internet.
// Probably parse $_SERVER['HTTP_HOST']
return (did_we_detect_the_internet() ? true : false);
}
function access_via_intranet() {
// Do something to detect access via the intranet.
// Probably just negate the value of access_via_internet()
return !access_via_internet();
}
Another option is to just rely on the server address by which the user came to you:
$CFG->wwwroot = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].'/exam';
One potential issue, if you do allow access from different addresses: do not copy and paste Moodle URLs into course content. It's easy to forget, but the URLS will only work for users also accessing from the same route.

Redis Connection via socket on Node.js

Because of shared hosting, my redis server on the target host does not run on a port, but on a very specific socket, which can be connected to via the socket file, only accessible to my user.
However, I have not found how I can specify connection via a socket in the node_redis and connect-redis packages, the ones I want to use.
Anyone know how to do it?
Update: My answer below is not really correct. It turns out that the solution in the issue I mention below actually still works. It's more of a coincidence, IMO, but you can do something like this, and it should work:
var redis = require('redis'),
client = redis.createClient('/tmp/redis.sock');
As you see from the code snippet below, this will get passed to net.createConnection which will connect to the unix socket /tmp/redis.sock.
Old answer:
There is a closed issue about this node_redis/issues/204. It seems, thought, that the underlying node.js net.createConnection API has since changed. It looks as though it would be a quite small fix in node_redis' exports.createClient function:
exports.createClient = function (port_arg, host_arg, options) {
var port = port_arg || default_port,
host = host_arg || default_host,
redis_client, net_client;
net_client = net.createConnection(port, host);
redis_client = new RedisClient(net_client, options);
redis_client.port = port;
redis_client.host = host;
return redis_client;
};
It seems as though net.createConnection will attempt to connect to a unix socket if it's called with one argument, that looks like a path. I suggest you implement a fix and send a pull request, since this seems like something worth supporting.
There is no longer a connect string...
var client = redis.createClient(9000); // Open a port on localhost
var client = redis.createClient('/tmp/redis.sock'); // Open a unix socket
var client = redis.createClient(9000, 'example.com');
This, and options are documented on the README.