<<

NAME

pf::soh - A module to evaluate and respond to SoH requests

SYNOPSIS

This module contains the infrastructure necessary to evaluate statement-of-health (SoH) requests tunnelled inside 802.1x/EAP authentication negotiations.

FreeRADIUS passes SoH requests through a separate virtual server, which uses a perl module to forward the requests via SOAP to pf::WebAPI, which instantiates a pf::soh object to generate a suitable response.

The methods in pf::soh can be overriden in pf::soh::custom.

SUBROUTINES

• new - returns a new pf::soh object
• authorize - handles the SoH request

  Takes a RADIUS request containing synthetic SoH attributes, forwarded through the SoH virtual server, decides how to handle it based on the filters created by the user, and returns a suitable response. This is the top-level function, which does very little work itself.

• parse_request - parses a request

  This function takes a hashref containing RADIUS value pairs, parses them, and sets helpful new values in the same hash.

• evaluate - evaluates an SoH request against filters

  This method takes an SoH request and an array of filters to match against, evaluates the request against each filter in turn, until one matches, and does whatever that filter specifies. It returns the $RADIUS::RLM_MODULE_* code to be sent back to FreeRADIUS.

• matches - does a request match a given rule?

  Returns true if the specified condition is met by the request, and false otherwise. We could (always) be more clever about how we match. The UI to define matches is simple, but the matching process can be as complex as it needs to be.

  The question we answer is: "does any status line match this rule?"

• matches_one - does a single status line match a given rule?

  For every rule referring to a particular health class, this function is called once for each corresponding status line, and returns true if the rule matches, and false otherwise.

• trigger_violation - trigger a violation

  Triggers a violation for the specified MAC address and filter.

• filter - fetch a filter from the db

  Returns a hashref representing a single SoH filter.

• filters - fetch filters from the db

  Returns a reference to an array of hashrefs, each representing a single SoH filter.

• create_filter
• update_filter
• delete_filter
• create_rule
• delete_rules

AUTHOR

Inverse inc. <info@inverse.ca>

COPYRIGHT

Copyright (C) 2005-2015 Inverse inc.

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

<<