[Serusers] radiusclient new generation, first beta release

Jan Janak jan at iptel.org
Tue Dec 9 16:12:02 CET 2003


Maxim,

I like the changes, feel free to commit auth_radius, group_radius, and
uri_radius patches.

Regarding acc module, Jiri is the maintainer so he should say yes/no.

I would like to ask you for one more thing, please update the ser-radius
howto as well once you commit. Just a short note at the beginning that your
version of radius library is required and where peope can get it should
be enough.

  thanks, Jan.

On 09-12 15:14, Maxim Sobolev wrote:
> Attached please find final version of the patch, which converts all 
> radius modules to radiusclient-ng. Please note that just released 
> radiusclient-0.4.0.b2 is required for this version of the patch, it can 
> be downloaded here: 
> https://developer.berlios.de/project/showfiles.php?group_id=1208.
> 
> I would like to get a permission to commit this patch.
> 
> Thanks!
> 
> -Maxim
> 
> Maxim Sobolev wrote:
> 
> >Patch for auth_radius/acc modules is attached. I've changed the way 
> >attribute codes are looked up - instead of hardcoding their values into 
> >compile-time constants, dictionary lookup is now used. Also, I've added 
> >Cisco-like call-id attribute into auth requests, which demonstrates 
> >usage of VSA attributes.
> >
> >Any comments are highly appreciated! Please note that radiusclient 
> >0.4.0.b1 is required to run those patches.
> >
> >-Maxim
> >
> >Maxim Sobolev wrote:
> >
> >>New beta release is available, main changes:
> >>
> >>- All static storage is removed from the library to make it re-entrant;
> >>
> >>- support for VSA attributes added;
> >>
> >>- support for $INCLUDE directive in dictionary file added;
> >>
> >>- style: remove all typecasts for NULL, convert all return statements 
> >>to a single style.
> >>
> >>You can download it here: 
> >>http://developer.berlios.de/project/showfiles.php?group_id=1208.
> >>
> >>Tomorrow I'll post my patches for SER to make it work with new 
> >>radiusclient.
> >>
> >>Enjoy! Let me know if there any bugs or problems with this version.
> >>
> >>-Maxim
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers at lists.iptel.org
> >>http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >>
> >>
> >
> >
> 

> ? acc/a
> ? acc/c
> ? acc/dict.h,v
> Index: acc/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/Makefile,v
> retrieving revision 1.17
> diff -d -u -d -u -r1.17 Makefile
> --- acc/Makefile	2003/12/05 14:30:23	1.17
> +++ acc/Makefile	2003/12/09 12:19:24
> @@ -14,7 +14,7 @@
>  #DEFS+=-DSQL_ACC
>  
>  # uncomment the next two lines if you wish to enable RADIUS accounting
> -#DEFS+=-DRAD_ACC
> +#DEFS+=-DRAD_ACC -I$(LOCALBASE)/include
>  
>  # uncomment the next two lines if you wish to enable DIAMETER accounting
>  #DEFS+=-DDIAM_ACC
> Index: acc/acc.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc.c,v
> retrieving revision 1.20
> diff -d -u -d -u -r1.20 acc.c
> --- acc/acc.c	2003/11/24 19:18:21	1.20
> +++ acc/acc.c	2003/12/09 12:19:24
> @@ -72,9 +72,9 @@
>  
>  #ifdef RAD_ACC
>  /* caution: keep these aligned to RAD_ACC_FMT !! */
> -static int rad_attr[] = { PW_CALLING_STATION_ID, PW_CALLED_STATION_ID,
> -	PW_SIP_TRANSLATED_REQ_ID, PW_ACCT_SESSION_ID, PW_SIP_TO_TAG, 
> -	PW_SIP_FROM_TAG, PW_SIP_CSEQ };
> +static int rad_attr[] = { A_CALLING_STATION_ID, A_CALLED_STATION_ID,
> +	A_SIP_TRANSLATED_REQUEST_URI, A_ACCT_SESSION_ID, A_SIP_TO_TAG,
> +	A_SIP_FROM_TAG, A_SIP_CSEQ };
>  #endif
>  
>  #ifdef DIAM_ACC
> @@ -551,14 +551,14 @@
>  
>  	code=phrase2code(phrase);
>  	if (code==0)
> -		return PW_STATUS_FAILED;
> +		return vals[V_STATUS_FAILED].v;
>  	if ((rq->REQ_METHOD==METHOD_INVITE || rq->REQ_METHOD==METHOD_ACK)
>  				&& code>=200 && code<300) 
> -		return PW_STATUS_START;
> +		return vals[V_STATUS_START].v;
>  	if ((rq->REQ_METHOD==METHOD_BYE 
>  					|| rq->REQ_METHOD==METHOD_CANCEL)) 
> -		return PW_STATUS_STOP;
> -	return PW_STATUS_FAILED;
> +		return vals[V_STATUS_STOP].v;
> +	return vals[V_STATUS_FAILED].v;
>  }
>  
>  int acc_rad_request( struct sip_msg *rq, struct hdr_field *to, 
> @@ -594,28 +594,28 @@
>  	}
>  
>  	av_type=rad_status(rq, phrase);
> -	if (!rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type,0)) {
> +	if (!rc_avpair_add(rh, &send, attrs[A_ACCT_STATUS_TYPE].v, &av_type,0, 0)) {
>  		LOG(L_ERR, "ERROR: acc_rad_request: add STATUS_TYPE\n");
>  		goto error;
>  	}
> -	av_type=service_type;
> -	if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type,0)) {
> +	av_type=vals[V_SIP_SESSION].v;
> +	if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &av_type,0, 0)) {
>  		LOG(L_ERR, "ERROR: acc_rad_request: add STATUS_TYPE\n");
>  		goto error;
>  	}
>  	av_type=phrase2code(phrase); /* status=integer */
>  	/* if (phrase.len<3) c=nullcode;
>  	else { memcpy(ccode, phrase.s, 3); ccode[3]=0;c=nullcode;} */
> -	if (!rc_avpair_add(&send, PW_SIP_RESPONSE_CODE, &av_type,0)) {
> +	if (!rc_avpair_add(rh, &send, attrs[A_SIP_RESPONSE_CODE].v, &av_type,0, 0)) {
>  		LOG(L_ERR, "ERROR: acc_rad_request: add RESPONSE_CODE\n");
>  		goto error;
>  	}
>  	av_type=rq->REQ_METHOD;
> -	if (!rc_avpair_add(&send, PW_SIP_METHOD, &av_type,0)) {
> +	if (!rc_avpair_add(rh, &send, attrs[A_SIP_METHOD].v, &av_type,0, 0)) {
>  		LOG(L_ERR, "ERROR: acc_rad_request: add SIP_METHOD\n");
>  		goto error;
>  	}
> -        /* Handle PW_USER_NAME as a special case */
> +        /* Handle User-Name as a special case */
>  	user=cred_user(rq);  /* try to take it from credentials */
>  	if (user) {
>  		realm = cred_realm(rq);
> @@ -629,10 +629,10 @@
>  			memcpy(user_name.s, user->s, user->len);
>  			user_name.s[user->len] = '@';
>  			memcpy(user_name.s+user->len+1, realm->s, realm->len);
> -			if (!rc_avpair_add(&send, PW_USER_NAME, 
> -					   user_name.s, user_name.len)) {
> +			if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, 
> +					   user_name.s, user_name.len, 0)) {
>  				LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> -				    "failed for %d\n", PW_USER_NAME );
> +				    "failed for %d\n", attrs[A_USER_NAME].v );
>  				pkg_free(user_name.s);
>  				goto error;
>  			}
> @@ -640,10 +640,10 @@
>  		} else {
>  			user_name.len = user->len;
>  			user_name.s = user->s;
> -			if (!rc_avpair_add(&send, PW_USER_NAME, 
> -					   user_name.s, user_name.len)) {
> +			if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, 
> +					   user_name.s, user_name.len, 0)) {
>  				LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> -				    "failed for %d\n", PW_USER_NAME );
> +				    "failed for %d\n", attrs[A_USER_NAME].v );
>  				goto error;
>  			}
>  		}
> @@ -662,10 +662,10 @@
>  			memcpy(user_name.s, puri.user.s, puri.user.len);
>  			user_name.s[puri.user.len] = '@';
>  			memcpy(user_name.s+puri.user.len+1, puri.host.s, puri.host.len);
> -			if (!rc_avpair_add(&send, PW_USER_NAME, 
> -					   user_name.s, user_name.len)) {
> +			if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, 
> +					   user_name.s, user_name.len, 0)) {
>  				LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> -				    "failed for %d\n", PW_USER_NAME );
> +				    "failed for %d\n", attrs[A_USER_NAME].v );
>  				pkg_free(user_name.s);
>  				goto error;
>  			}
> @@ -673,25 +673,25 @@
>  		} else {
>  			user_name.len = na.len;
>  			user_name.s = na.s;
> -			if (!rc_avpair_add(&send, PW_USER_NAME, 
> -					   user_name.s, user_name.len)) {
> +			if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, 
> +					   user_name.s, user_name.len, 0)) {
>  				LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> -				    "failed for %d\n", PW_USER_NAME );
> +				    "failed for %d\n", attrs[A_USER_NAME].v );
>  				goto error;
>  			}
>  		}
>  	}
>          /* Remaining attributes from rad_attr vector */
>  	for(i=0; i<attr_cnt; i++) {
> -		if (!rc_avpair_add(&send, rad_attr[i], 
> -				   val_arr[i]->s,val_arr[i]->len)) {
> +		if (!rc_avpair_add(rh, &send, attrs[rad_attr[i]].v, 
> +				   val_arr[i]->s,val_arr[i]->len, 0)) {
>  			LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> -			    "failed for %d\n", rad_attr[i] );
> +			    "failed for %s\n", attrs[rad_attr[i]].n );
>  			goto error;
>  		}
>  	}
>  		
> -	if (rc_acct(SIP_PORT, send)!=OK_RC) {
> +	if (rc_acct(rh, SIP_PORT, send)!=OK_RC) {
>  		LOG(L_ERR, "ERROR: acc_rad_request: radius-ing failed\n");
>  		goto error;
>  	}
> Index: acc/acc.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc.h,v
> retrieving revision 1.11
> diff -d -u -d -u -r1.11 acc.h
> --- acc/acc.h	2003/11/24 19:18:21	1.11
> +++ acc/acc.h	2003/12/09 12:19:24
> @@ -100,7 +100,8 @@
>  
>  
>  #ifdef RAD_ACC
> -extern int service_type;
> +extern struct attr attrs[];
> +extern struct val vals[];
>  #endif
>  
>  
> Index: acc/acc_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc_mod.c,v
> retrieving revision 1.31
> diff -d -u -d -u -r1.31 acc_mod.c
> --- acc/acc_mod.c	2003/12/05 14:30:23	1.31
> +++ acc/acc_mod.c	2003/12/09 12:19:24
> @@ -107,10 +107,13 @@
>  int log_level=L_NOTICE;
>  char *log_fmt=DEFAULT_LOG_FMT;
>  #ifdef RAD_ACC
> -char *radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static char *radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
>  int radius_flag = 0;
>  int radius_missed_flag = 0;
> -int service_type = PW_SIP_SESSION;
> +static int service_type = -1;
> +void *rh;
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
>  #endif
>  
>  /* DIAMETER */
> @@ -312,19 +315,43 @@
>  #endif
>  
>  #ifdef RAD_ACC
> +	memset(attrs, 0, sizeof(attrs));
> +	memset(attrs, 0, sizeof(vals));
> +	attrs[A_CALLING_STATION_ID].n		= "Calling-Station-Id";
> +	attrs[A_CALLED_STATION_ID].n		= "Called-Station-Id";
> +	attrs[A_SIP_TRANSLATED_REQUEST_URI].n	= "Sip-Translated-Request-URI";
> +	attrs[A_ACCT_SESSION_ID].n		= "Acct-Session-Id";
> +	attrs[A_SIP_TO_TAG].n			= "Sip-To-Tag";
> +	attrs[A_SIP_FROM_TAG].n			= "Sip-From-Tag";
> +	attrs[A_SIP_CSEQ].n			= "Sip-CSeq";
> +	attrs[A_ACCT_STATUS_TYPE].n		= "Acct-Status-Type";
> +	attrs[A_SERVICE_TYPE].n			= "Service-Type";
> +	attrs[A_SIP_RESPONSE_CODE].n		= "Sip-Response-Code";
> +	attrs[A_SIP_METHOD].n			= "Sip-Method";
> +	attrs[A_USER_NAME].n			= "User-Name";
> +	vals[V_STATUS_START].n			= "Start";
> +	vals[V_STATUS_STOP].n			= "Stop";
> +	vals[V_STATUS_FAILED].n			= "Failed";
> +	vals[V_SIP_SESSION].n			= "Sip-Session";
> +
>  	/* open log */
>  	rc_openlog("ser");
>  	/* read config */
> -	if (rc_read_config(radius_config)!=0) {
> +	if ((rh = rc_read_config(radius_config)) == NULL) {
>  		LOG(L_ERR, "ERROR: acc: error opening radius config file: %s\n", 
>  			radius_config );
>  		return -1;
>  	}
>  	/* read dictionary */
> -	if (rc_read_dictionary(rc_conf_str("dictionary"))!=0) {
> +	if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))!=0) {
>  		LOG(L_ERR, "ERROR: acc: error reading radius dictionary\n");
>  		return -1;
>  	}
> +
> +	INIT_AV(rh, attrs, vals, "acc", -1, -1);
> +
> +	if (service_type != -1)
> +		vals[V_SIP_SESSION].v = service_type;
>  #endif
>  
>  	return 0;
> Index: acc/acc_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc_mod.h,v
> retrieving revision 1.11
> diff -d -u -d -u -r1.11 acc_mod.h
> --- acc/acc_mod.h	2003/11/24 19:18:21	1.11
> +++ acc/acc_mod.h	2003/12/09 12:19:24
> @@ -53,7 +53,7 @@
>  #ifdef RAD_ACC
>  extern int radius_flag;
>  extern int radius_missed_flag;
> -extern int service_type;
> +extern void *rh;
>  #endif
>  
>  #ifdef DIAM_ACC
> Index: acc/dict.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/dict.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 dict.h
> --- acc/dict.h	2003/09/11 21:53:36	1.3
> +++ acc/dict.h	2003/12/09 12:19:24
> @@ -34,17 +34,84 @@
>  #ifndef _DICT_H
>  #define _DICT_H
>  
> -#define PW_SIP_METHOD			101	/* integer */
> -#define PW_SIP_RESPONSE_CODE	        102     /* integer */
> -#define PW_SIP_CSEQ			103	/* string */
> -#define PW_SIP_TO_TAG			104	/* string */
> -#define PW_SIP_FROM_TAG			105	/* string */
> -#define PW_SIP_BRANCH_ID		106     /* string -- Not used */
> -#define PW_SIP_TRANSLATED_REQ_ID	107     /* string */
> -#define PW_SIP_SOURCE_IP_ADDRESS	108     /* ipaddr -- Not used */
> -#define PW_SIP_SOURCE_PORT		109     /* integer -- Not used */
> +struct attr {
> +	const char *n;
> +	int v;
> +};
>  
> -#define PW_SIP_SESSION	                 15     /* SIP service-type */
> -#define PW_STATUS_FAILED		 15
> +struct val {
> +	const char *n;
> +	int v;
> +};
> +
> +#define	A_USER_NAME			0
> +#define	A_SERVICE_TYPE			1
> +#define	A_CALLED_STATION_ID		2
> +#define	A_CALLING_STATION_ID		3
> +#define	A_ACCT_STATUS_TYPE		4
> +#define	A_ACCT_SESSION_ID		5
> +#define	A_SIP_METHOD			6
> +#define	A_SIP_RESPONSE_CODE		7
> +#define	A_SIP_CSEQ			8
> +#define	A_SIP_TO_TAG			9
> +#define	A_SIP_FROM_TAG			10
> +#define	A_SIP_TRANSLATED_REQUEST_URI	11
> +#define	A_DIGEST_RESPONSE		12
> +#define	A_DIGEST_ATTRIBUTES		13
> +#define	A_SIP_URI_USER			14
> +#define	A_SIP_RPID			15
> +#define	A_DIGEST_REALM			16
> +#define	A_DIGEST_NONCE			17
> +#define	A_DIGEST_METHOD			18
> +#define	A_DIGEST_URI			19
> +#define	A_DIGEST_QOP			20
> +#define	A_DIGEST_ALGORITHM		21
> +#define	A_DIGEST_BODY_DIGEST		22
> +#define	A_DIGEST_CNONCE			23
> +#define	A_DIGEST_NONCE_COUNT		24
> +#define	A_DIGEST_USER_NAME		25
> +#define	A_SIP_GROUP			26
> +#define	A_CISCO_AVPAIR			27
> +#define	A_MAX				27
> +
> +#define	V_STATUS_START			0
> +#define	V_STATUS_STOP			1
> +#define	V_STATUS_FAILED			2
> +#define	V_CALL_CHECK			3
> +#define	V_EMERGENCY_CALL		4
> +#define	V_SIP_SESSION			5
> +#define	V_GROUP_CHECK			6
> +#define	V_MAX				6
> +
> +#define	INIT_AV(rh, at, vl, fn, e1, e2)					\
> +{									\
> +	int i;								\
> +	DICT_ATTR *da;							\
> +	DICT_VALUE *dv;							\
> +									\
> +	for (i = 0; i < A_MAX; i++) {					\
> +		if (at[i].n == NULL)					\
> +			continue;					\
> +		da = rc_dict_findattr(rh, at[i].n);			\
> +		if (da == NULL) {					\
> +			LOG(L_ERR, "ERROR: %s: can't get code for the "	\
> +				   "%s attribute\n", fn, at[i].n);	\
> +			return e1;					\
> +		}							\
> +		at[i].v = da->value;					\
> +	}								\
> +	for (i = 0; i < V_MAX; i++) {					\
> +		if (vl[i].n == NULL)					\
> +			continue;					\
> +		dv = rc_dict_findval(rh, vl[i].n);			\
> +		if (dv == NULL) {					\
> +			LOG(L_ERR, "ERROR: %s: can't get code for the "	\
> +				   "%s attribute value\n", fn, vl[i].n);\
> +			return e2;					\
> +		}							\
> +		vl[i].v = dv->value;					\
> +	}								\
> +}
> +
>  
>  #endif
> Index: acc/etc/sip_dictionary
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/etc/sip_dictionary,v
> retrieving revision 1.1
> diff -d -u -d -u -r1.1 sip_dictionary
> --- acc/etc/sip_dictionary	2003/04/05 14:05:19	1.1
> +++ acc/etc/sip_dictionary	2003/12/09 12:19:24
> @@ -23,6 +23,9 @@
>  #	7		= 1	(integer encoding)
>  #
>  
> +VENDOR		Cisco			9
> +ATTRIBUTE	Cisco-AVPair		1	string	Cisco
> +
>  #
>  #	Following are the proper new names. Use these.
>  #
> @@ -99,39 +102,42 @@
>  #	Experiment SIP-specific attributes:
>  #	These attributes are tied between client & server
>  #
> -ATTRIBUTE	Sip-Method					101	integer
> -ATTRIBUTE	Sip-Response-Code			102	integer
> -ATTRIBUTE	Sip-CSeq					103	string
> -ATTRIBUTE	Sip-To-Tag					104	string
> -ATTRIBUTE	Sip-From-Tag				105	string
> -ATTRIBUTE	Sip-Branch-ID				106	string
> +ATTRIBUTE	Sip-Method			101	integer
> +ATTRIBUTE	Sip-Response-Code		102	integer
> +ATTRIBUTE	Sip-CSeq			103	string
> +ATTRIBUTE	Sip-To-Tag			104	string
> +ATTRIBUTE	Sip-From-Tag			105	string
> +ATTRIBUTE	Sip-Branch-ID			106	string
>  ATTRIBUTE	Sip-Translated-Request-URI	107	string
>  ATTRIBUTE	Sip-Source-IP-Address		108	ipaddr
> -ATTRIBUTE	Sip-Source-Port				109	integer
> -ATTRIBUTE   Sip-User-ID	            	110 string
> -ATTRIBUTE   Sip-User-realm 				111 string
> -ATTRIBUTE   Sip-User-nonce 				112 string
> -ATTRIBUTE   Sip-User-method				113 string
> -ATTRIBUTE   Sip-User-digest-uri     	114 string
> -ATTRIBUTE	Sip-User-nonce_count 		115 string
> -ATTRIBUTE	Sip-User-qop				116 string
> -ATTRIBUTE	Sip-User-opaque				117 string
> -ATTRIBUTE	Sip-User-response			118 string
> -ATTRIBUTE   Sip_User-cnonce				119 string
> +ATTRIBUTE	Sip-Source-Port			109	integer
> +ATTRIBUTE   	Sip-User-ID	            	110	string
> +ATTRIBUTE   	Sip-User-Realm 			111	string
> +ATTRIBUTE   	Sip-User-Nonce 			112	string
> +ATTRIBUTE   	Sip-User-Method			113	string
> +ATTRIBUTE   	Sip-User-Digest-URI     	114	string
> +ATTRIBUTE	Sip-User-Nonce-Count 		115	string
> +ATTRIBUTE	Sip-User-QOP			116	string
> +ATTRIBUTE	Sip-User-Opaque			117	string
> +ATTRIBUTE	Sip-User-Response		118	string
> +ATTRIBUTE   	Sip-User-CNonce			119	string
>  
> +ATTRIBUTE	Sip-URI-User			208	string
> +ATTRIBUTE	Sip-Group			211	string
> +ATTRIBUTE	Sip-RPId			213	string
>  
> -ATTRIBUTE	Digest-Response		206	string
> -ATTRIBUTE 	Digest-Attributes	207	string
> -ATTRIBUTE	Digest-Realm		1063	string
> -ATTRIBUTE	Digest-Nonce		1064	string
> -ATTRIBUTE	Digest-Method		1065	string
> -ATTRIBUTE	Digest-URI		1066	string
> -ATTRIBUTE	Digest-QOP		1067	string
> -ATTRIBUTE	Digest-Algorithm	1068	string
> -ATTRIBUTE	Digest-Body-Digest	1069	string
> -ATTRIBUTE	Digest-CNonce		1070	string
> -ATTRIBUTE	Digest-Nonce-Count	1071	string
> -ATTRIBUTE	Digest-User-Name	1072	string
> +ATTRIBUTE	Digest-Response			206	string
> +ATTRIBUTE 	Digest-Attributes		207	string
> +ATTRIBUTE	Digest-Realm			1063	string
> +ATTRIBUTE	Digest-Nonce			1064	string
> +ATTRIBUTE	Digest-Method			1065	string
> +ATTRIBUTE	Digest-URI			1066	string
> +ATTRIBUTE	Digest-QOP			1067	string
> +ATTRIBUTE	Digest-Algorithm		1068	string
> +ATTRIBUTE	Digest-Body-Digest		1069	string
> +ATTRIBUTE	Digest-CNonce			1070	string
> +ATTRIBUTE	Digest-Nonce-Count		1071	string
> +ATTRIBUTE	Digest-User-Name		1072	string
>  
>  
>  
> @@ -165,6 +171,9 @@
>  VALUE		Service-Type		Outbound-User		5
>  VALUE		Service-Type		Administrative-User	6
>  VALUE		Service-Type		NAS-Prompt-User		7
> +VALUE		Service-Type		Call-Check		10
> +VALUE		Service-Type		Group-Check		12
> +VALUE		Service-Type		Sip-Session		15
>  
>  #	Framed Protocols
>  
> @@ -196,6 +205,7 @@
>  VALUE		Acct-Status-Type	Stop			2
>  VALUE		Acct-Status-Type	Accounting-On		7
>  VALUE		Acct-Status-Type	Accounting-Off		8
> +VALUE		Acct-Status-Type	Failed			15
>  
>  #	Authentication Types
>  
> Index: auth_radius/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/Makefile,v
> retrieving revision 1.4
> diff -d -u -d -u -r1.4 Makefile
> --- auth_radius/Makefile	2003/05/23 15:43:42	1.4
> +++ auth_radius/Makefile	2003/12/09 12:19:25
> @@ -8,6 +8,7 @@
>  include ../../Makefile.defs
>  auto_gen=
>  NAME=auth_radius.so
> +DEFS+=-I$(LOCALBASE)/include
>  LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient
>  
>  include ../../Makefile.modules
> Index: auth_radius/authorize.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authorize.c,v
> retrieving revision 1.10
> diff -d -u -d -u -r1.10 authorize.c
> --- auth_radius/authorize.c	2003/11/05 03:49:43	1.10
> +++ auth_radius/authorize.c	2003/12/09 12:19:25
> @@ -128,7 +128,7 @@
>  	     /* Clear the rpid buffer from previous value */
>  	rpid.len = 0;
>  
> -	res = radius_authorize_sterman(&cred->digest, &_msg->first_line.u.request.method, &user, &rpid);
> +	res = radius_authorize_sterman(_msg, &cred->digest, &_msg->first_line.u.request.method, &user, &rpid);
>  	pkg_free(user.s);
>  
>  	if (res == 1) {
> Index: auth_radius/authrad_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authrad_mod.c,v
> retrieving revision 1.12
> diff -d -u -d -u -r1.12 authrad_mod.c
> --- auth_radius/authrad_mod.c	2003/09/11 22:00:27	1.12
> +++ auth_radius/authrad_mod.c	2003/12/09 12:19:25
> @@ -45,13 +45,18 @@
>  #include "authrad_mod.h"
>  #include "authorize.h"
>  #include <radiusclient.h>
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
>  
>  MODULE_VERSION
>  
>  pre_auth_f pre_auth_func = 0;   /* Pre authorization function from auth module */
>  post_auth_f post_auth_func = 0; /* Post authorization function from auth module */
>  
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> +void *rh;
> +int ciscopec;
> +
>  static int mod_init(void);                        /* Module initialization function */
>  static int str_fixup(void** param, int param_no); /* char* -> str* */
>  
> @@ -59,8 +64,8 @@
>  /*
>   * Module parameter variables
>   */
> -char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> -int service_type = PW_SIP_SESSION;
> +static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static int service_type = -1;
>  
>  
>  /*
> @@ -103,25 +108,60 @@
>   */
>  static int mod_init(void)
>  {
> +	DICT_VENDOR *vend;
> +
>  	DBG("auth_radius - Initializing\n");
>  
> -	if (rc_read_config(radius_config) != 0) {
> +	memset(attrs, 0, sizeof(attrs));
> +	memset(attrs, 0, sizeof(vals));
> +	attrs[A_SERVICE_TYPE].n			= "Service-Type";
> +	attrs[A_SIP_RPID].n			= "Sip-RPId";
> +	attrs[A_SIP_URI_USER].n			= "Sip-URI-User";
> +	attrs[A_DIGEST_RESPONSE].n		= "Digest-Response";
> +	attrs[A_DIGEST_ALGORITHM].n		= "Digest-Algorithm";
> +	attrs[A_DIGEST_BODY_DIGEST].n		= "Digest-Body-Digest";
> +	attrs[A_DIGEST_CNONCE].n		= "Digest-CNonce";
> +	attrs[A_DIGEST_NONCE_COUNT].n		= "Digest-Nonce-Count";
> +	attrs[A_DIGEST_QOP].n			= "Digest-QOP";
> +	attrs[A_DIGEST_METHOD].n		= "Digest-Method";
> +	attrs[A_DIGEST_URI].n			= "Digest-URI";
> +	attrs[A_DIGEST_NONCE].n			= "Digest-Nonce";
> +	attrs[A_DIGEST_REALM].n			= "Digest-Realm";
> +	attrs[A_DIGEST_USER_NAME].n		= "Digest-User-Name";
> +	attrs[A_USER_NAME].n			= "User-Name";
> +	attrs[A_CISCO_AVPAIR].n			= "Cisco-AVPair";
> +	vals[V_SIP_SESSION].n			= "Sip-Session";
> +
> +	if ((rh = rc_read_config(radius_config)) == NULL) {
>  		LOG(L_ERR, "auth_radius: Error opening configuration file \n");
>  		return -1;
>  	}
> -    
> -	if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
> +
> +	if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
>  		LOG(L_ERR, "auth_radius: Error opening dictionary file \n");
>  		return -2;
>  	}
>  
> +	vend = rc_dict_findvend(rh, "Cisco");
> +	if (vend == NULL) {
> +		LOG(L_ERR, "auth_radius: No `Cisco' vendor in Radius "
> +			   "dictionary\n");
> +		return -3;
> +	}
> +	ciscopec = vend->vendorpec;
> +
>  	pre_auth_func = (pre_auth_f)find_export("pre_auth", 0, 0);
>  	post_auth_func = (post_auth_f)find_export("post_auth", 0, 0);
>  
>  	if (!(pre_auth_func && post_auth_func)) {
>  		LOG(L_ERR, "auth_radius: This module requires auth module\n");
> -		return -3;
> +		return -4;
>  	}
> +
> +	INIT_AV(rh, attrs, vals, "auth_radius", -5, -6);
> +
> +	if (service_type != -1)
> +		vals[V_SIP_SESSION].v = service_type;
>  
>  	return 0;
>  }
> Index: auth_radius/authrad_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authrad_mod.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 authrad_mod.h
> --- auth_radius/authrad_mod.h	2003/05/02 12:21:54	1.3
> +++ auth_radius/authrad_mod.h	2003/12/09 12:19:25
> @@ -37,14 +37,12 @@
>  
>  #include "../auth/api.h"
>  
> +extern struct attr attrs[];
> +extern struct val vals[];
> +extern void *rh;
> +extern int ciscopec;
>  
>  extern pre_auth_f pre_auth_func;
>  extern post_auth_f post_auth_func;
>  
> -/*
> - * Module parameter variables
> - */
> -extern char* radius_config; /* radiusclient configuration file */
> -extern int service_type;    /* radius service type used for access request */
> - 
>  #endif /* AUTHRAD_MOD_H */
> Index: auth_radius/dict.h
> ===================================================================
> RCS file: dict.h
> diff -N dict.h
> --- /tmp/cvsmA0FVN	Tue Dec  9 13:19:25 2003
> +++ /dev/null	Tue Sep  4 15:27:29 2001
> @@ -1,66 +0,0 @@
> -/*
> - * $Id: dict.h,v 1.1 2003/09/11 22:00:27 janakj Exp $
> - *
> - * Digest Authentication - Radius support
> - * Definitions not found in radiusclient.h
> - *
> - * Copyright (C) 2001-2003 Fhg Fokus
> - *
> - * This file is part of ser, a free SIP server.
> - *
> - * ser is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version
> - *
> - * For a license to use the ser software under conditions
> - * other than those described here, or to purchase support for this
> - * software, please contact iptel.org by e-mail at the following addresses:
> - *    info at iptel.org
> - *
> - * ser is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License 
> - * along with this program; if not, write to the Free Software 
> - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
> - *
> - * History:
> - * -------
> - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj)
> - */
> -
> -/*
> - * WARNING: Don't forget to update the dictionary if you update the file !!!
> - */
> -
> -#ifndef DICT_H
> -#define DICT_H
> -
> -/* Service types */
> -#define PW_CALL_CHECK                   10
> -#define PW_EMERGENCY_CALL               13
> -#define PW_SIP_SESSION                  15
> -
> -/* Attributes*/
> -#define PW_DIGEST_RESPONSE	        206	/* string */
> -#define PW_DIGEST_ATTRIBUTES	        207	/* string */
> -
> -#define PW_SIP_URI_USER                 208     /* string */
> -#define PW_SIP_RPID                     213     /* string */
> -
> -#define PW_DIGEST_REALM		        1063	/* string */
> -#define	PW_DIGEST_NONCE		        1064	/* string */
> -#define	PW_DIGEST_METHOD	        1065	/* string */
> -#define	PW_DIGEST_URI		        1066	/* string */
> -#define	PW_DIGEST_QOP		        1067	/* string */
> -#define	PW_DIGEST_ALGORITHM	        1068	/* string */
> -#define	PW_DIGEST_BODY_DIGEST	        1069	/* string */
> -#define	PW_DIGEST_CNONCE	        1070	/* string */
> -#define	PW_DIGEST_NONCE_COUNT	        1071	/* string */
> -#define	PW_DIGEST_USER_NAME	        1072	/* string */
> -
> -
> -#endif /* DICT_H */
> Index: auth_radius/sterman.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/sterman.c,v
> retrieving revision 1.7
> diff -d -u -d -u -r1.7 sterman.c
> --- auth_radius/sterman.c	2003/09/11 22:00:27	1.7
> +++ auth_radius/sterman.c	2003/12/09 12:19:25
> @@ -32,11 +32,12 @@
>   */
>  
>  
> +#include <stdlib.h>
>  #include <string.h>
>  #include "../../mem/mem.h"
>  #include "../../dprint.h"
>  #include "../auth/api.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
>  #include "sterman.h"
>  #include "authrad_mod.h"
>  #include <radiusclient.h>
> @@ -49,12 +50,12 @@
>   * which can be be used as a check item in the request.  Service type of
>   * the request is Authenticate-Only.
>   */
> -int radius_authorize_sterman(dig_cred_t* _cred, str* _method, str* _user, str* _rpid) 
> +int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user, str* _rpid) 
>  {
>  	static char msg[4096];
>  	VALUE_PAIR *send, *received, *vp;
>  	UINT4 service;
> -	str method, user, user_name;
> +	str method, user, user_name, callid;
>  	int i;
>  	
>  	send = received = 0;
> @@ -73,8 +74,8 @@
>  	 */
>  
>  	if (_cred->username.domain.len) {
> -		if (!rc_avpair_add(&send, PW_USER_NAME, _cred->username.whole.s, _cred->username.whole.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_USER_NAME attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add User-Name attribute\n");
>  			rc_avpair_free(send);
>  			return -2;
>  		}
> @@ -88,8 +89,8 @@
>  		memcpy(user_name.s, _cred->username.whole.s, _cred->username.whole.len);
>  		user_name.s[_cred->username.whole.len] = '@';
>  		memcpy(user_name.s + _cred->username.whole.len + 1, _cred->realm.s, _cred->realm.len);
> -		if (!rc_avpair_add(&send, PW_USER_NAME, user_name.s, user_name.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_USER_NAME attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, user_name.s, user_name.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add User-Name attribute\n");
>  			pkg_free(user_name.s);
>  			rc_avpair_free(send);
>  			return -4;
> @@ -97,30 +98,30 @@
>  		pkg_free(user_name.s);
>  	}
>  
> -	if (!rc_avpair_add(&send, PW_DIGEST_USER_NAME, _cred->username.whole.s, _cred->username.whole.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_USER_NAME attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Digest-User-Name attribute\n");
>  		rc_avpair_free(send);
>  		return -5;
>  	}
>  
> -	if (!rc_avpair_add(&send, PW_DIGEST_REALM, _cred->realm.s, _cred->realm.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_REALM attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_REALM].v, _cred->realm.s, _cred->realm.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Digest-Realm attribute\n");
>  		rc_avpair_free(send);
>  		return -6;
>  	}
> -	if (!rc_avpair_add(&send, PW_DIGEST_NONCE, _cred->nonce.s, _cred->nonce.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_NONCE].v, _cred->nonce.s, _cred->nonce.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Digest-Nonce attribute\n");
>  		rc_avpair_free(send);
>  		return -7;
>  	}
>  	
> -	if (!rc_avpair_add(&send, PW_DIGEST_URI, _cred->uri.s, _cred->uri.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_URI attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_URI].v, _cred->uri.s, _cred->uri.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Digest-URI attribute\n");
>  		rc_avpair_free(send);
>  		return -8;
>  	}
> -	if (!rc_avpair_add(&send, PW_DIGEST_METHOD, method.s, method.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_METHOD attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_METHOD].v, method.s, method.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Digest-Method attribute\n");
>  		rc_avpair_free(send);
>  		return -9;
>  	}
> @@ -129,39 +130,39 @@
>  	 * Add the additional authentication fields according to the QOP.
>  	 */
>  	if (_cred->qop.qop_parsed == QOP_AUTH) {
> -		if (!rc_avpair_add(&send, PW_DIGEST_QOP, "auth", 4)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_QOP attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_QOP].v, "auth", 4, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-QOP attribute\n");
>  			rc_avpair_free(send);
>  			return -10;
>  		}
> -		if (!rc_avpair_add(&send, PW_DIGEST_NONCE_COUNT, _cred->nc.s, _cred->nc.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE_COUNT attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_NONCE_COUNT].v, _cred->nc.s, _cred->nc.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-CNonce-Count attribute\n");
>  			rc_avpair_free(send);
>  			return -11;
>  		}
> -		if (!rc_avpair_add(&send, PW_DIGEST_CNONCE, _cred->cnonce.s, _cred->cnonce.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_CNONCE attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_CNONCE].v, _cred->cnonce.s, _cred->cnonce.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-CNonce attribute\n");
>  			rc_avpair_free(send);
>  			return -12;
>  		}
>  	} else if (_cred->qop.qop_parsed == QOP_AUTHINT) {
> -		if (!rc_avpair_add(&send, PW_DIGEST_QOP, "auth-int", 8)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_QOP attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_QOP].v, "auth-int", 8, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-QOP attribute\n");
>  			rc_avpair_free(send);
>  			return -13;
>  		}
> -		if (!rc_avpair_add(&send, PW_DIGEST_NONCE_COUNT, _cred->nc.s, _cred->nc.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE_COUNT attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_NONCE_COUNT].v, _cred->nc.s, _cred->nc.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-Nonce-Count attribute\n");
>  			rc_avpair_free(send);
>  			return -14;
>  		}
> -		if (!rc_avpair_add(&send, PW_DIGEST_CNONCE, _cred->cnonce.s, _cred->cnonce.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_CNONCE attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_CNONCE].v, _cred->cnonce.s, _cred->cnonce.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-CNonce attribute\n");
>  			rc_avpair_free(send);
>  			return -15;
>  		}
> -		if (!rc_avpair_add(&send, PW_DIGEST_BODY_DIGEST, _cred->opaque.s, _cred->opaque.len)) {
> -			LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_BODY_DIGEST attribute\n");
> +		if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_BODY_DIGEST].v, _cred->opaque.s, _cred->opaque.len, 0)) {
> +			LOG(L_ERR, "sterman(): Unable to add Digest-Body-Digest attribute\n");
>  			rc_avpair_free(send);
>  			return -16;
>  		}
> @@ -170,73 +171,60 @@
>  		/* send nothing for qop == "" */
>  	}
>  
> -	/*
> -	 * Now put everything place all the previous attributes into the
> -	 * PW_DIGEST_ATTRIBUTES
> -	 */
> -	
> -	/*
> -	 *  Fix up Digest-Attributes issues see draft-sterman-aaa-sip-00
> -	 */
> -	for (vp = send; vp; vp = vp->next) {
> -		switch (vp->attribute) {
> -  		default:
> -			break;
> -
> -			/* Fall thru the know values */
> -		case PW_DIGEST_REALM:
> -		case PW_DIGEST_NONCE:
> -		case PW_DIGEST_METHOD:
> -		case PW_DIGEST_URI:
> -		case PW_DIGEST_QOP:
> -		case PW_DIGEST_ALGORITHM:
> -		case PW_DIGEST_BODY_DIGEST:
> -		case PW_DIGEST_CNONCE:
> -		case PW_DIGEST_NONCE_COUNT:
> -		case PW_DIGEST_USER_NAME:
> -	
> -			/* overlapping! */
> -			memmove(&vp->strvalue[2], &vp->strvalue[0], vp->lvalue);
> -			vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
> -			vp->lvalue += 2;
> -			vp->strvalue[1] = vp->lvalue;
> -			vp->attribute = PW_DIGEST_ATTRIBUTES;
> -			break;
> -		}
> -	}
> -
>  	/* Add the response... What to calculate against... */
> -	if (!rc_avpair_add(&send, PW_DIGEST_RESPONSE, _cred->response.s, _cred->response.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_RESPONSE attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_RESPONSE].v, _cred->response.s, _cred->response.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Digest-Response attribute\n");
>  		rc_avpair_free(send);
>  		return -17;
>  	}
>  
>  	/* Indicate the service type, Authenticate only in our case */
> -	service = service_type;
> -	if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_SERVICE_TYPE attribute\n");
> +	service = vals[V_SIP_SESSION].v;
> +	if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &service, 0, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Service-Type attribute\n");
>  		rc_avpair_free(send);
>  	 	return -18;
>  	}
>  
>  	/* Add SIP URI as a check item */
> -	if (!rc_avpair_add(&send, PW_SIP_URI_USER, user.s, user.len)) {
> -		LOG(L_ERR, "sterman(): Unable to add PW_SIP_URI_USER attribute\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_SIP_URI_USER].v, user.s, user.len, 0)) {
> +		LOG(L_ERR, "sterman(): Unable to add Sip-URI-User attribute\n");
>  		rc_avpair_free(send);
>  	 	return -19;  	
>  	}
> -       
> +
> +	/* Add SIP Call-ID as a Cisco VSA, like IOS does */
> +	if (_msg->callid == NULL || _msg->callid->body.s == NULL) {
> +		LOG(L_ERR, "sterman(): Call-ID is missed\n");
> +		rc_avpair_free(send);
> +		return -20;
> +	}
> +	callid.len = _msg->callid->body.len + 8;
> +	callid.s = alloca(callid.len);
> +	if (callid.s == NULL) {
> +		LOG(L_ERR, "sterman(): No memory left\n");
> +		rc_avpair_free(send);
> +		return -21;
> +	}
> +	memcpy(callid.s, "call-id=", 8);
> +	memcpy(callid.s + 8, _msg->callid->body.s, _msg->callid->body.len);
> +	if (rc_avpair_add(rh, &send, attrs[A_CISCO_AVPAIR].v, callid.s,
> +	    callid.len, ciscopec) == 0) {
> +		LOG(L_ERR, "sterman(): Unable to add Cisco-AVPair attribute\n");
> +		rc_avpair_free(send);
> +		return -22;
> + 	}
> +
>  	/* Send request */
> -	if ((i = rc_auth(SIP_PORT, send, &received, msg)) == OK_RC) {
> +	if ((i = rc_auth(rh, SIP_PORT, send, &received, msg)) == OK_RC) {
>  		DBG("radius_authorize_sterman(): Success\n");
>  		rc_avpair_free(send);
>  
>  		     /* Make a copy of rpid if available */
> -		if ((vp = rc_avpair_get(received, PW_SIP_RPID))) {
> +		if ((vp = rc_avpair_get(received, attrs[A_SIP_RPID].v, 0))) {
>  			if (MAX_RPID_LEN < vp->lvalue) {
>  				LOG(L_ERR, "radius_authorize_sterman(): rpid buffer too small\n");
> -				return -20;
> +				return -23;
>  			}
>  			memcpy(_rpid->s, vp->strvalue, vp->lvalue);
>  			_rpid->len = vp->lvalue;
> @@ -249,6 +237,6 @@
>  		DBG("radius_authorize_sterman(): Failure\n");
>  		rc_avpair_free(send);
>  		rc_avpair_free(received);
> -		return -21;
> +		return -24;
>  	}
>  }
> Index: auth_radius/sterman.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/sterman.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 sterman.h
> --- auth_radius/sterman.h	2003/04/28 22:04:33	1.3
> +++ auth_radius/sterman.h	2003/12/09 12:19:25
> @@ -45,6 +45,6 @@
>   * which can be be used as a check item in the request.  Service type of
>   * the request is Authenticate-Only.
>   */
> -int radius_authorize_sterman(dig_cred_t* _cred, str* _method, str* _user, str* _rpid); 
> +int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user, str* _rpid); 
>  
>  #endif /* STERMAN_H */
> Index: group_radius/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/Makefile,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 Makefile
> --- group_radius/Makefile	2003/05/23 15:43:43	1.3
> +++ group_radius/Makefile	2003/12/09 12:19:25
> @@ -8,6 +8,7 @@
>  include ../../Makefile.defs
>  auto_gen=
>  NAME=group_radius.so
> +DEFS+=-I$(LOCALBASE)/include
>  LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient
>  
>  include ../../Makefile.modules
> Index: group_radius/dict.h
> ===================================================================
> RCS file: dict.h
> diff -N dict.h
> --- /tmp/cvs6nqAD9	Tue Dec  9 13:19:25 2003
> +++ /dev/null	Tue Sep  4 15:27:29 2001
> @@ -1,47 +0,0 @@
> -/*
> - * $Id: dict.h,v 1.1 2003/09/11 22:02:02 janakj Exp $
> - *
> - * Group Membership - Radius
> - * Definitions not found in radiusclient.h
> - *
> - * Copyright (C) 2001-2003 Fhg Fokus
> - *
> - * This file is part of ser, a free SIP server.
> - *
> - * ser is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version
> - *
> - * For a license to use the ser software under conditions
> - * other than those described here, or to purchase support for this
> - * software, please contact iptel.org by e-mail at the following addresses:
> - *    info at iptel.org
> - *
> - * ser is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License 
> - * along with this program; if not, write to the Free Software 
> - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
> - *
> - * History:
> - * -------
> - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj)
> - */
> -
> -/*
> - * WARNING: Don't forget to update the dictionary if you update this file !!!
> - */
> -
> -#ifndef DICT_H
> -#define DICT_H
> -
> -/* Service-Type */
> -#define PW_GROUP_CHECK                  12
> -
> -#define PW_SIP_GROUP                    211     /* string */
> -
> -#endif /* DICT_H */
> Index: group_radius/group.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/group.c,v
> retrieving revision 1.5
> diff -d -u -d -u -r1.5 group.c
> --- group_radius/group.c	2003/09/11 22:02:02	1.5
> +++ group_radius/group.c	2003/12/09 12:19:25
> @@ -44,7 +44,7 @@
>  #include "../../parser/hf.h"
>  #include "../../parser/digest/digest.h"
>  #include "group.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
>  #include "grouprad_mod.h"
>  
>  
> @@ -191,8 +191,8 @@
>  		user_name = user;
>  	}
>  
> -	if (!rc_avpair_add(&send, PW_USER_NAME, user_name.s, user_name.len)) {
> -		LOG(L_ERR, "radius_is_user_in(): Error adding PW_USER_NAME\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, user_name.s, user_name.len, 0)) {
> +		LOG(L_ERR, "radius_is_user_in(): Error adding User-Name attribute\n");
>  		rc_avpair_free(send);
>  		if (use_domain) pkg_free(user_name.s);
>  		return -7;
> @@ -200,19 +200,19 @@
>  
>  	if (use_domain) pkg_free(user_name.s);
>  
> -	if (!rc_avpair_add(&send, PW_SIP_GROUP, grp->s, grp->len)) {
> -		LOG(L_ERR, "radius_is_user_in(): Error adding PW_SIP_GROUP\n");
> +	if (!rc_avpair_add(rh, &send, attrs[A_SIP_GROUP].v, grp->s, grp->len, 0)) {
> +		LOG(L_ERR, "radius_is_user_in(): Error adding Sip-Group attribute\n");
>  	 	return -8;  	
>  	}
>  
> -	service = PW_GROUP_CHECK;
> -	if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) {
> -		LOG(L_ERR, "radius_is_user_in(): Error adding PW_SERVICE_TYPE\n");
> +	service = vals[V_GROUP_CHECK].v;
> +	if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &service, 0, 0)) {
> +		LOG(L_ERR, "radius_is_user_in(): Error adding Service-Type attribute\n");
>  		rc_avpair_free(send);
>  	 	return -9;  	
>  	}
>  
> -	if (rc_auth(0, send, &received, msg) == OK_RC) {
> +	if (rc_auth(rh, 0, send, &received, msg) == OK_RC) {
>  		DBG("radius_is_user_in(): Success\n");
>  		rc_avpair_free(send);
>  		rc_avpair_free(received);
> Index: group_radius/grouprad_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/grouprad_mod.c,v
> retrieving revision 1.6
> diff -d -u -d -u -r1.6 grouprad_mod.c
> --- group_radius/grouprad_mod.c	2003/04/27 18:17:24	1.6
> +++ group_radius/grouprad_mod.c	2003/12/09 12:19:25
> @@ -40,11 +40,16 @@
>  #include "../../dprint.h"
>  #include "../../sr_module.h"
>  #include "../../mem/mem.h"
> +#include "../../modules/acc/dict.h"
>  #include "grouprad_mod.h"
>  #include "group.h"
>  
>  MODULE_VERSION
>  
> +void *rh;
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> +
>  static int mod_init(void); /* Module initialization function */
>  static int hf_fixup(void** param, int param_no); /* Header field fixup */
>  
> @@ -52,7 +57,7 @@
>  /*
>   * Module parameter variables
>   */
> -char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
>  int use_domain = 1;  /* By default we use domain */
>  
>  
> @@ -93,16 +98,24 @@
>  static int mod_init(void)
>  {
>  	DBG("group_radius - initializing\n");
> -	
> -	if (rc_read_config(radius_config) != 0) {
> +
> +	memset(attrs, 0, sizeof(attrs));
> +	memset(attrs, 0, sizeof(vals));
> +	attrs[A_SERVICE_TYPE].n	= "Service-Type";
> +	attrs[A_USER_NAME].n	= "User-Name";
> +	vals[V_GROUP_CHECK].n	= "Group-Check";
> +
> +	if ((rh = rc_read_config(radius_config)) == NULL) {
>  		LOG(L_ERR, "group_radius: Error opening configuration file \n");
>  		return -1;
>  	}
>      
> -	if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
> +	if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
>  		LOG(L_ERR, "group_radius: Error opening dictionary file \n");
>  		return -2;
>  	}
> +
> +	INIT_AV(rh, attrs, vals, "group_radius", -3, -4);
>  
>  	return 0;
>  }
> Index: group_radius/grouprad_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/grouprad_mod.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 grouprad_mod.h
> --- group_radius/grouprad_mod.h	2003/03/12 21:47:49	1.3
> +++ group_radius/grouprad_mod.h	2003/12/09 12:19:25
> @@ -34,10 +34,13 @@
>  #ifndef GROUPRAD_MOD_H
>  #define GROUPRAD_MOD_H
>  
> +extern struct attr attrs[];
> +extern struct val vals[];
> +extern void *rh;
> +
>  /*
>   * Module parameter variables
>   */
> -extern char* radius_config;   /* radiusclient configuration file */
>  extern int use_domain;        /* Should we use also domain ? */
>  
>  #endif /* GROUPRAD_MOD_H */
> Index: uri_radius/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/Makefile,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 Makefile
> --- uri_radius/Makefile	2003/05/23 15:43:44	1.3
> +++ uri_radius/Makefile	2003/12/09 12:19:25
> @@ -8,6 +8,7 @@
>  include ../../Makefile.defs
>  auto_gen=
>  NAME=uri_radius.so
> +DEFS+=-I$(LOCALBASE)/include
>  LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient
>  
>  include ../../Makefile.modules
> Index: uri_radius/checks.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/checks.c,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 checks.c
> --- uri_radius/checks.c	2003/09/11 22:03:58	1.3
> +++ uri_radius/checks.c	2003/12/09 12:19:25
> @@ -35,7 +35,7 @@
>  #include "../../mem/mem.h"
>  #include "../../parser/parse_uri.h"
>  #include "../../dprint.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
>  #include "checks.h"
>  #include "urirad_mod.h"
>  #include <radiusclient.h>
> @@ -74,22 +74,22 @@
>  	at += _m->parsed_uri.host.len;
>  	*at = '\0';
>  
> -	if (!rc_avpair_add(&send, PW_USER_NAME, uri, 0)) {
> +	if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, uri, 0, 0)) {
>  		LOG(L_ERR, "radius_does_uri_exist(): Error adding User-Name\n");
>  		rc_avpair_free(send);
>  		pkg_free(uri);
>  	 	return -3;
>  	}
>  
> -	service = service_type;
> -	if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) {
> +	service = vals[V_CALL_CHECK].v;
> +	if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &service, 0, 0)) {
>  		LOG(L_ERR, "radius_does_uri_exist(): Error adding service type\n");
>  		rc_avpair_free(send);
>  		pkg_free(uri);
>  	 	return -4;  	
>  	}
>  	
> -	if (rc_auth(0, send, &received, msg) == OK_RC) {
> +	if (rc_auth(rh, 0, send, &received, msg) == OK_RC) {
>  		DBG("radius_does_uri_exist(): Success\n");
>  		rc_avpair_free(send);
>  		rc_avpair_free(received);
> Index: uri_radius/dict.h
> ===================================================================
> RCS file: dict.h
> diff -N dict.h
> --- /tmp/cvsMz7uyT	Tue Dec  9 13:19:25 2003
> +++ /dev/null	Tue Sep  4 15:27:29 2001
> @@ -1,44 +0,0 @@
> -/*
> - * $Id: dict.h,v 1.1 2003/09/11 22:03:58 janakj Exp $
> - *
> - * Group Membership - RADIUS
> - * Definitions not found in radiusclient.h
> - *
> - * Copyright (C) 2001-2003 Fhg Fokus
> - *
> - * This file is part of ser, a free SIP server.
> - *
> - * ser is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version
> - *
> - * For a license to use the ser software under conditions
> - * other than those described here, or to purchase support for this
> - * software, please contact iptel.org by e-mail at the following addresses:
> - *    info at iptel.org
> - *
> - * ser is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License 
> - * along with this program; if not, write to the Free Software 
> - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
> - *
> - * History:
> - * -------
> - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj)
> - */
> -
> -/*
> - * WARNING: Don't forget to update the dictionary if you update this file !!!
> - */
> -
> -#ifndef DICT_H
> -#define DICT_H
> -
> -#define PW_CALL_CHECK 10
> -
> -#endif /* DICT_H */
> Index: uri_radius/urirad_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/urirad_mod.c,v
> retrieving revision 1.5
> diff -d -u -d -u -r1.5 urirad_mod.c
> --- uri_radius/urirad_mod.c	2003/09/11 22:03:58	1.5
> +++ uri_radius/urirad_mod.c	2003/12/09 12:19:25
> @@ -36,11 +36,14 @@
>  #include "../../sr_module.h"
>  #include "urirad_mod.h"
>  #include "checks.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
>  #include <radiusclient.h>
>  
>  MODULE_VERSION
>  
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> +void *rh;
>  
>  static int mod_init(void); /* Module initialization function */
>  
> @@ -48,8 +51,8 @@
>  /*
>   * Module parameter variables
>   */
> -char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> -int service_type = PW_CALL_CHECK;
> +static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static int service_type = -1;
>  
>  /*
>   * Exported functions
> @@ -88,16 +91,27 @@
>  static int mod_init(void)
>  {
>  	DBG("uri_radius - initializing\n");
> -	
> -	if (rc_read_config(radius_config) != 0) {
> +
> +	memset(attrs, 0, sizeof(attrs));
> +	memset(attrs, 0, sizeof(vals));
> +	attrs[A_SERVICE_TYPE].n	= "Service-Type";
> +	attrs[A_USER_NAME].n	= "User-Name";
> +	vals[V_CALL_CHECK].n	= "Call-Check";
> +
> +	if ((rh = rc_read_config(radius_config)) == NULL) {
>  		LOG(L_ERR, "uri_radius: Error opening configuration file \n");
>  		return -1;
>  	}
>      
> -	if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
> +	if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
>  		LOG(L_ERR, "uri_radius: Error opening dictionary file \n");
>  		return -2;
>  	}
> +
> +	INIT_AV(rh, attrs, vals, "uri_radius", -3, -4);
> +
> +	if (service_type != -1)
> +		vals[V_CALL_CHECK].v = service_type;
>  
>  	return 0;
>  }
> Index: uri_radius/urirad_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/urirad_mod.h,v
> retrieving revision 1.2
> diff -d -u -d -u -r1.2 urirad_mod.h
> --- uri_radius/urirad_mod.h	2003/05/02 12:20:59	1.2
> +++ uri_radius/urirad_mod.h	2003/12/09 12:19:25
> @@ -34,10 +34,8 @@
>  #ifndef URIRAD_MOD_H
>  #define URIRAD_MOD_H
>  
> -/*
> - * Module parameter variables
> - */
> -extern char* radius_config;   /* radiusclient configuration file */
> -extern int service_type;      /* radius service type for uri check */
> +extern struct attr attrs[];
> +extern struct val vals[];
> +extern void *rh;
>  
>  #endif /* URIRAD_MOD_H */




More information about the sr-users mailing list