[sr-dev] git:master:f703effa: auth_radius: support for not appending realm to the username passed to RADIUS

Phil Lavin phil.lavin at synety.com
Wed Dec 30 10:43:32 CET 2015


Module: kamailio
Branch: master
Commit: f703effa2e2d6c6f426374d07d57636ecf248fd2
URL: https://github.com/kamailio/kamailio/commit/f703effa2e2d6c6f426374d07d57636ecf248fd2

Author: Phil Lavin <phil.lavin at synety.com>
Committer: Phil Lavin <phil.lavin at synety.com>
Date: 2015-12-30T09:04:33Z

auth_radius: support for not appending realm to the username passed to RADIUS

- Implement append_realm_to_username parameter in auth_radius which allows
  the unmolested digest username to be passed to RADIUS in the User-Name
  attribute. This is required for some RADIUS implementations.

---

Modified: modules/auth_radius/authrad_mod.c
Modified: modules/auth_radius/authrad_mod.h
Modified: modules/auth_radius/doc/auth_radius.xml
Modified: modules/auth_radius/doc/auth_radius_admin.xml
Modified: modules/auth_radius/sterman.c

---

Diff:  https://github.com/kamailio/kamailio/commit/f703effa2e2d6c6f426374d07d57636ecf248fd2.diff
Patch: https://github.com/kamailio/kamailio/commit/f703effa2e2d6c6f426374d07d57636ecf248fd2.patch

---

diff --git a/modules/auth_radius/authrad_mod.c b/modules/auth_radius/authrad_mod.c
index f4a9eac..94ca865 100644
--- a/modules/auth_radius/authrad_mod.c
+++ b/modules/auth_radius/authrad_mod.c
@@ -66,6 +66,7 @@ static int service_type = -1;
 
 int use_ruri_flag = -1;
 int ar_radius_avps_mode = 0;
+int append_realm_to_username = 1;
 
 static char *auth_extra_str = 0;
 struct extra_attr *auth_extra = 0;
@@ -95,6 +96,7 @@ static param_export_t params[] = {
 	{"use_ruri_flag",    INT_PARAM, &use_ruri_flag	},
 	{"auth_extra",       PARAM_STRING, &auth_extra_str	},
 	{"radius_avps_mode",	 INT_PARAM, &ar_radius_avps_mode	},
+	{"append_realm_to_username", INT_PARAM, &append_realm_to_username       },
 	{0, 0, 0}
 };
 
diff --git a/modules/auth_radius/authrad_mod.h b/modules/auth_radius/authrad_mod.h
index c6561d3..ac8fe01 100644
--- a/modules/auth_radius/authrad_mod.h
+++ b/modules/auth_radius/authrad_mod.h
@@ -41,6 +41,7 @@ extern struct extra_attr *auth_extra;
 
 extern int use_ruri_flag;
 extern int ar_radius_avps_mode;
+extern int append_realm_to_username;
 
 extern auth_api_s_t auth_api;
 
diff --git a/modules/auth_radius/doc/auth_radius.xml b/modules/auth_radius/doc/auth_radius.xml
index 5ae4e28..fd02edc 100644
--- a/modules/auth_radius/doc/auth_radius.xml
+++ b/modules/auth_radius/doc/auth_radius.xml
@@ -38,6 +38,11 @@
 		<surname>Janak</surname>
 		<email>jan at iptel.org</email>
 		</editor>
+		<editor>
+		<firstname>Phil</firstname>
+		<surname>Lavin</surname>
+		<email>phil.lavin at synety.com</email>
+		</editor>
 	</authorgroup>
 	<copyright>
 		<year>2002</year>
diff --git a/modules/auth_radius/doc/auth_radius_admin.xml b/modules/auth_radius/doc/auth_radius_admin.xml
index 7977162..0475d57 100644
--- a/modules/auth_radius/doc/auth_radius_admin.xml
+++ b/modules/auth_radius/doc/auth_radius_admin.xml
@@ -206,6 +206,23 @@ modparam("auth_radius", "radius_avps_mode", 1)
 		</programlisting>
 		</example>
 	</section>
+	<section id="auth_radius.p.append_realm_to_username">
+		<title><varname>append_realm_to_username</varname> (integer)</title>
+		<para>
+			If set to 1, the username passed to the RADIUS server will have the
+			digest realm appended to it, if no domain is provided in the digest
+			username.
+		</para>
+		<para>
+			Default value is 1.
+		</para>
+		<example>
+		<title><varname>append_realm_to_username</varname> parameter usage</title>
+		<programlisting format="linespecific">
+modparam("auth_radius", "append_realm_to_username", 0)
+		</programlisting>
+		</example>
+	</section>
 	</section>
 
 	<section>
diff --git a/modules/auth_radius/sterman.c b/modules/auth_radius/sterman.c
index 88eef1d..f95fdbc 100644
--- a/modules/auth_radius/sterman.c
+++ b/modules/auth_radius/sterman.c
@@ -243,7 +243,7 @@ int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _meth
 	 * Add all the user digest parameters according to the qop defined.
 	 * Most devices tested only offer support for the simplest digest.
 	 */
-	if (_cred->username.domain.len) {
+	if (_cred->username.domain.len || !append_realm_to_username) {
 		if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) {
 			LM_ERR("unable to add User-Name attribute\n");
 			goto err;




More information about the sr-dev mailing list