[Serusers] radiusclient new generation, first beta release
Jan Janak
jan at iptel.org
Tue Dec 9 16:12:02 CET 2003
Maxim,
I like the changes, feel free to commit auth_radius, group_radius, and
uri_radius patches.
Regarding acc module, Jiri is the maintainer so he should say yes/no.
I would like to ask you for one more thing, please update the ser-radius
howto as well once you commit. Just a short note at the beginning that your
version of radius library is required and where peope can get it should
be enough.
thanks, Jan.
On 09-12 15:14, Maxim Sobolev wrote:
> Attached please find final version of the patch, which converts all
> radius modules to radiusclient-ng. Please note that just released
> radiusclient-0.4.0.b2 is required for this version of the patch, it can
> be downloaded here:
> https://developer.berlios.de/project/showfiles.php?group_id=1208.
>
> I would like to get a permission to commit this patch.
>
> Thanks!
>
> -Maxim
>
> Maxim Sobolev wrote:
>
> >Patch for auth_radius/acc modules is attached. I've changed the way
> >attribute codes are looked up - instead of hardcoding their values into
> >compile-time constants, dictionary lookup is now used. Also, I've added
> >Cisco-like call-id attribute into auth requests, which demonstrates
> >usage of VSA attributes.
> >
> >Any comments are highly appreciated! Please note that radiusclient
> >0.4.0.b1 is required to run those patches.
> >
> >-Maxim
> >
> >Maxim Sobolev wrote:
> >
> >>New beta release is available, main changes:
> >>
> >>- All static storage is removed from the library to make it re-entrant;
> >>
> >>- support for VSA attributes added;
> >>
> >>- support for $INCLUDE directive in dictionary file added;
> >>
> >>- style: remove all typecasts for NULL, convert all return statements
> >>to a single style.
> >>
> >>You can download it here:
> >>http://developer.berlios.de/project/showfiles.php?group_id=1208.
> >>
> >>Tomorrow I'll post my patches for SER to make it work with new
> >>radiusclient.
> >>
> >>Enjoy! Let me know if there any bugs or problems with this version.
> >>
> >>-Maxim
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers at lists.iptel.org
> >>http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >>
> >>
> >
> >
>
> ? acc/a
> ? acc/c
> ? acc/dict.h,v
> Index: acc/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/Makefile,v
> retrieving revision 1.17
> diff -d -u -d -u -r1.17 Makefile
> --- acc/Makefile 2003/12/05 14:30:23 1.17
> +++ acc/Makefile 2003/12/09 12:19:24
> @@ -14,7 +14,7 @@
> #DEFS+=-DSQL_ACC
>
> # uncomment the next two lines if you wish to enable RADIUS accounting
> -#DEFS+=-DRAD_ACC
> +#DEFS+=-DRAD_ACC -I$(LOCALBASE)/include
>
> # uncomment the next two lines if you wish to enable DIAMETER accounting
> #DEFS+=-DDIAM_ACC
> Index: acc/acc.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc.c,v
> retrieving revision 1.20
> diff -d -u -d -u -r1.20 acc.c
> --- acc/acc.c 2003/11/24 19:18:21 1.20
> +++ acc/acc.c 2003/12/09 12:19:24
> @@ -72,9 +72,9 @@
>
> #ifdef RAD_ACC
> /* caution: keep these aligned to RAD_ACC_FMT !! */
> -static int rad_attr[] = { PW_CALLING_STATION_ID, PW_CALLED_STATION_ID,
> - PW_SIP_TRANSLATED_REQ_ID, PW_ACCT_SESSION_ID, PW_SIP_TO_TAG,
> - PW_SIP_FROM_TAG, PW_SIP_CSEQ };
> +static int rad_attr[] = { A_CALLING_STATION_ID, A_CALLED_STATION_ID,
> + A_SIP_TRANSLATED_REQUEST_URI, A_ACCT_SESSION_ID, A_SIP_TO_TAG,
> + A_SIP_FROM_TAG, A_SIP_CSEQ };
> #endif
>
> #ifdef DIAM_ACC
> @@ -551,14 +551,14 @@
>
> code=phrase2code(phrase);
> if (code==0)
> - return PW_STATUS_FAILED;
> + return vals[V_STATUS_FAILED].v;
> if ((rq->REQ_METHOD==METHOD_INVITE || rq->REQ_METHOD==METHOD_ACK)
> && code>=200 && code<300)
> - return PW_STATUS_START;
> + return vals[V_STATUS_START].v;
> if ((rq->REQ_METHOD==METHOD_BYE
> || rq->REQ_METHOD==METHOD_CANCEL))
> - return PW_STATUS_STOP;
> - return PW_STATUS_FAILED;
> + return vals[V_STATUS_STOP].v;
> + return vals[V_STATUS_FAILED].v;
> }
>
> int acc_rad_request( struct sip_msg *rq, struct hdr_field *to,
> @@ -594,28 +594,28 @@
> }
>
> av_type=rad_status(rq, phrase);
> - if (!rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type,0)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_ACCT_STATUS_TYPE].v, &av_type,0, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: add STATUS_TYPE\n");
> goto error;
> }
> - av_type=service_type;
> - if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type,0)) {
> + av_type=vals[V_SIP_SESSION].v;
> + if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &av_type,0, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: add STATUS_TYPE\n");
> goto error;
> }
> av_type=phrase2code(phrase); /* status=integer */
> /* if (phrase.len<3) c=nullcode;
> else { memcpy(ccode, phrase.s, 3); ccode[3]=0;c=nullcode;} */
> - if (!rc_avpair_add(&send, PW_SIP_RESPONSE_CODE, &av_type,0)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_SIP_RESPONSE_CODE].v, &av_type,0, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: add RESPONSE_CODE\n");
> goto error;
> }
> av_type=rq->REQ_METHOD;
> - if (!rc_avpair_add(&send, PW_SIP_METHOD, &av_type,0)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_SIP_METHOD].v, &av_type,0, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: add SIP_METHOD\n");
> goto error;
> }
> - /* Handle PW_USER_NAME as a special case */
> + /* Handle User-Name as a special case */
> user=cred_user(rq); /* try to take it from credentials */
> if (user) {
> realm = cred_realm(rq);
> @@ -629,10 +629,10 @@
> memcpy(user_name.s, user->s, user->len);
> user_name.s[user->len] = '@';
> memcpy(user_name.s+user->len+1, realm->s, realm->len);
> - if (!rc_avpair_add(&send, PW_USER_NAME,
> - user_name.s, user_name.len)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v,
> + user_name.s, user_name.len, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> - "failed for %d\n", PW_USER_NAME );
> + "failed for %d\n", attrs[A_USER_NAME].v );
> pkg_free(user_name.s);
> goto error;
> }
> @@ -640,10 +640,10 @@
> } else {
> user_name.len = user->len;
> user_name.s = user->s;
> - if (!rc_avpair_add(&send, PW_USER_NAME,
> - user_name.s, user_name.len)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v,
> + user_name.s, user_name.len, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> - "failed for %d\n", PW_USER_NAME );
> + "failed for %d\n", attrs[A_USER_NAME].v );
> goto error;
> }
> }
> @@ -662,10 +662,10 @@
> memcpy(user_name.s, puri.user.s, puri.user.len);
> user_name.s[puri.user.len] = '@';
> memcpy(user_name.s+puri.user.len+1, puri.host.s, puri.host.len);
> - if (!rc_avpair_add(&send, PW_USER_NAME,
> - user_name.s, user_name.len)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v,
> + user_name.s, user_name.len, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> - "failed for %d\n", PW_USER_NAME );
> + "failed for %d\n", attrs[A_USER_NAME].v );
> pkg_free(user_name.s);
> goto error;
> }
> @@ -673,25 +673,25 @@
> } else {
> user_name.len = na.len;
> user_name.s = na.s;
> - if (!rc_avpair_add(&send, PW_USER_NAME,
> - user_name.s, user_name.len)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v,
> + user_name.s, user_name.len, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> - "failed for %d\n", PW_USER_NAME );
> + "failed for %d\n", attrs[A_USER_NAME].v );
> goto error;
> }
> }
> }
> /* Remaining attributes from rad_attr vector */
> for(i=0; i<attr_cnt; i++) {
> - if (!rc_avpair_add(&send, rad_attr[i],
> - val_arr[i]->s,val_arr[i]->len)) {
> + if (!rc_avpair_add(rh, &send, attrs[rad_attr[i]].v,
> + val_arr[i]->s,val_arr[i]->len, 0)) {
> LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add "
> - "failed for %d\n", rad_attr[i] );
> + "failed for %s\n", attrs[rad_attr[i]].n );
> goto error;
> }
> }
>
> - if (rc_acct(SIP_PORT, send)!=OK_RC) {
> + if (rc_acct(rh, SIP_PORT, send)!=OK_RC) {
> LOG(L_ERR, "ERROR: acc_rad_request: radius-ing failed\n");
> goto error;
> }
> Index: acc/acc.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc.h,v
> retrieving revision 1.11
> diff -d -u -d -u -r1.11 acc.h
> --- acc/acc.h 2003/11/24 19:18:21 1.11
> +++ acc/acc.h 2003/12/09 12:19:24
> @@ -100,7 +100,8 @@
>
>
> #ifdef RAD_ACC
> -extern int service_type;
> +extern struct attr attrs[];
> +extern struct val vals[];
> #endif
>
>
> Index: acc/acc_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc_mod.c,v
> retrieving revision 1.31
> diff -d -u -d -u -r1.31 acc_mod.c
> --- acc/acc_mod.c 2003/12/05 14:30:23 1.31
> +++ acc/acc_mod.c 2003/12/09 12:19:24
> @@ -107,10 +107,13 @@
> int log_level=L_NOTICE;
> char *log_fmt=DEFAULT_LOG_FMT;
> #ifdef RAD_ACC
> -char *radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static char *radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> int radius_flag = 0;
> int radius_missed_flag = 0;
> -int service_type = PW_SIP_SESSION;
> +static int service_type = -1;
> +void *rh;
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> #endif
>
> /* DIAMETER */
> @@ -312,19 +315,43 @@
> #endif
>
> #ifdef RAD_ACC
> + memset(attrs, 0, sizeof(attrs));
> + memset(attrs, 0, sizeof(vals));
> + attrs[A_CALLING_STATION_ID].n = "Calling-Station-Id";
> + attrs[A_CALLED_STATION_ID].n = "Called-Station-Id";
> + attrs[A_SIP_TRANSLATED_REQUEST_URI].n = "Sip-Translated-Request-URI";
> + attrs[A_ACCT_SESSION_ID].n = "Acct-Session-Id";
> + attrs[A_SIP_TO_TAG].n = "Sip-To-Tag";
> + attrs[A_SIP_FROM_TAG].n = "Sip-From-Tag";
> + attrs[A_SIP_CSEQ].n = "Sip-CSeq";
> + attrs[A_ACCT_STATUS_TYPE].n = "Acct-Status-Type";
> + attrs[A_SERVICE_TYPE].n = "Service-Type";
> + attrs[A_SIP_RESPONSE_CODE].n = "Sip-Response-Code";
> + attrs[A_SIP_METHOD].n = "Sip-Method";
> + attrs[A_USER_NAME].n = "User-Name";
> + vals[V_STATUS_START].n = "Start";
> + vals[V_STATUS_STOP].n = "Stop";
> + vals[V_STATUS_FAILED].n = "Failed";
> + vals[V_SIP_SESSION].n = "Sip-Session";
> +
> /* open log */
> rc_openlog("ser");
> /* read config */
> - if (rc_read_config(radius_config)!=0) {
> + if ((rh = rc_read_config(radius_config)) == NULL) {
> LOG(L_ERR, "ERROR: acc: error opening radius config file: %s\n",
> radius_config );
> return -1;
> }
> /* read dictionary */
> - if (rc_read_dictionary(rc_conf_str("dictionary"))!=0) {
> + if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))!=0) {
> LOG(L_ERR, "ERROR: acc: error reading radius dictionary\n");
> return -1;
> }
> +
> + INIT_AV(rh, attrs, vals, "acc", -1, -1);
> +
> + if (service_type != -1)
> + vals[V_SIP_SESSION].v = service_type;
> #endif
>
> return 0;
> Index: acc/acc_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/acc_mod.h,v
> retrieving revision 1.11
> diff -d -u -d -u -r1.11 acc_mod.h
> --- acc/acc_mod.h 2003/11/24 19:18:21 1.11
> +++ acc/acc_mod.h 2003/12/09 12:19:24
> @@ -53,7 +53,7 @@
> #ifdef RAD_ACC
> extern int radius_flag;
> extern int radius_missed_flag;
> -extern int service_type;
> +extern void *rh;
> #endif
>
> #ifdef DIAM_ACC
> Index: acc/dict.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/dict.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 dict.h
> --- acc/dict.h 2003/09/11 21:53:36 1.3
> +++ acc/dict.h 2003/12/09 12:19:24
> @@ -34,17 +34,84 @@
> #ifndef _DICT_H
> #define _DICT_H
>
> -#define PW_SIP_METHOD 101 /* integer */
> -#define PW_SIP_RESPONSE_CODE 102 /* integer */
> -#define PW_SIP_CSEQ 103 /* string */
> -#define PW_SIP_TO_TAG 104 /* string */
> -#define PW_SIP_FROM_TAG 105 /* string */
> -#define PW_SIP_BRANCH_ID 106 /* string -- Not used */
> -#define PW_SIP_TRANSLATED_REQ_ID 107 /* string */
> -#define PW_SIP_SOURCE_IP_ADDRESS 108 /* ipaddr -- Not used */
> -#define PW_SIP_SOURCE_PORT 109 /* integer -- Not used */
> +struct attr {
> + const char *n;
> + int v;
> +};
>
> -#define PW_SIP_SESSION 15 /* SIP service-type */
> -#define PW_STATUS_FAILED 15
> +struct val {
> + const char *n;
> + int v;
> +};
> +
> +#define A_USER_NAME 0
> +#define A_SERVICE_TYPE 1
> +#define A_CALLED_STATION_ID 2
> +#define A_CALLING_STATION_ID 3
> +#define A_ACCT_STATUS_TYPE 4
> +#define A_ACCT_SESSION_ID 5
> +#define A_SIP_METHOD 6
> +#define A_SIP_RESPONSE_CODE 7
> +#define A_SIP_CSEQ 8
> +#define A_SIP_TO_TAG 9
> +#define A_SIP_FROM_TAG 10
> +#define A_SIP_TRANSLATED_REQUEST_URI 11
> +#define A_DIGEST_RESPONSE 12
> +#define A_DIGEST_ATTRIBUTES 13
> +#define A_SIP_URI_USER 14
> +#define A_SIP_RPID 15
> +#define A_DIGEST_REALM 16
> +#define A_DIGEST_NONCE 17
> +#define A_DIGEST_METHOD 18
> +#define A_DIGEST_URI 19
> +#define A_DIGEST_QOP 20
> +#define A_DIGEST_ALGORITHM 21
> +#define A_DIGEST_BODY_DIGEST 22
> +#define A_DIGEST_CNONCE 23
> +#define A_DIGEST_NONCE_COUNT 24
> +#define A_DIGEST_USER_NAME 25
> +#define A_SIP_GROUP 26
> +#define A_CISCO_AVPAIR 27
> +#define A_MAX 27
> +
> +#define V_STATUS_START 0
> +#define V_STATUS_STOP 1
> +#define V_STATUS_FAILED 2
> +#define V_CALL_CHECK 3
> +#define V_EMERGENCY_CALL 4
> +#define V_SIP_SESSION 5
> +#define V_GROUP_CHECK 6
> +#define V_MAX 6
> +
> +#define INIT_AV(rh, at, vl, fn, e1, e2) \
> +{ \
> + int i; \
> + DICT_ATTR *da; \
> + DICT_VALUE *dv; \
> + \
> + for (i = 0; i < A_MAX; i++) { \
> + if (at[i].n == NULL) \
> + continue; \
> + da = rc_dict_findattr(rh, at[i].n); \
> + if (da == NULL) { \
> + LOG(L_ERR, "ERROR: %s: can't get code for the " \
> + "%s attribute\n", fn, at[i].n); \
> + return e1; \
> + } \
> + at[i].v = da->value; \
> + } \
> + for (i = 0; i < V_MAX; i++) { \
> + if (vl[i].n == NULL) \
> + continue; \
> + dv = rc_dict_findval(rh, vl[i].n); \
> + if (dv == NULL) { \
> + LOG(L_ERR, "ERROR: %s: can't get code for the " \
> + "%s attribute value\n", fn, vl[i].n);\
> + return e2; \
> + } \
> + vl[i].v = dv->value; \
> + } \
> +}
> +
>
> #endif
> Index: acc/etc/sip_dictionary
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/acc/etc/sip_dictionary,v
> retrieving revision 1.1
> diff -d -u -d -u -r1.1 sip_dictionary
> --- acc/etc/sip_dictionary 2003/04/05 14:05:19 1.1
> +++ acc/etc/sip_dictionary 2003/12/09 12:19:24
> @@ -23,6 +23,9 @@
> # 7 = 1 (integer encoding)
> #
>
> +VENDOR Cisco 9
> +ATTRIBUTE Cisco-AVPair 1 string Cisco
> +
> #
> # Following are the proper new names. Use these.
> #
> @@ -99,39 +102,42 @@
> # Experiment SIP-specific attributes:
> # These attributes are tied between client & server
> #
> -ATTRIBUTE Sip-Method 101 integer
> -ATTRIBUTE Sip-Response-Code 102 integer
> -ATTRIBUTE Sip-CSeq 103 string
> -ATTRIBUTE Sip-To-Tag 104 string
> -ATTRIBUTE Sip-From-Tag 105 string
> -ATTRIBUTE Sip-Branch-ID 106 string
> +ATTRIBUTE Sip-Method 101 integer
> +ATTRIBUTE Sip-Response-Code 102 integer
> +ATTRIBUTE Sip-CSeq 103 string
> +ATTRIBUTE Sip-To-Tag 104 string
> +ATTRIBUTE Sip-From-Tag 105 string
> +ATTRIBUTE Sip-Branch-ID 106 string
> ATTRIBUTE Sip-Translated-Request-URI 107 string
> ATTRIBUTE Sip-Source-IP-Address 108 ipaddr
> -ATTRIBUTE Sip-Source-Port 109 integer
> -ATTRIBUTE Sip-User-ID 110 string
> -ATTRIBUTE Sip-User-realm 111 string
> -ATTRIBUTE Sip-User-nonce 112 string
> -ATTRIBUTE Sip-User-method 113 string
> -ATTRIBUTE Sip-User-digest-uri 114 string
> -ATTRIBUTE Sip-User-nonce_count 115 string
> -ATTRIBUTE Sip-User-qop 116 string
> -ATTRIBUTE Sip-User-opaque 117 string
> -ATTRIBUTE Sip-User-response 118 string
> -ATTRIBUTE Sip_User-cnonce 119 string
> +ATTRIBUTE Sip-Source-Port 109 integer
> +ATTRIBUTE Sip-User-ID 110 string
> +ATTRIBUTE Sip-User-Realm 111 string
> +ATTRIBUTE Sip-User-Nonce 112 string
> +ATTRIBUTE Sip-User-Method 113 string
> +ATTRIBUTE Sip-User-Digest-URI 114 string
> +ATTRIBUTE Sip-User-Nonce-Count 115 string
> +ATTRIBUTE Sip-User-QOP 116 string
> +ATTRIBUTE Sip-User-Opaque 117 string
> +ATTRIBUTE Sip-User-Response 118 string
> +ATTRIBUTE Sip-User-CNonce 119 string
>
> +ATTRIBUTE Sip-URI-User 208 string
> +ATTRIBUTE Sip-Group 211 string
> +ATTRIBUTE Sip-RPId 213 string
>
> -ATTRIBUTE Digest-Response 206 string
> -ATTRIBUTE Digest-Attributes 207 string
> -ATTRIBUTE Digest-Realm 1063 string
> -ATTRIBUTE Digest-Nonce 1064 string
> -ATTRIBUTE Digest-Method 1065 string
> -ATTRIBUTE Digest-URI 1066 string
> -ATTRIBUTE Digest-QOP 1067 string
> -ATTRIBUTE Digest-Algorithm 1068 string
> -ATTRIBUTE Digest-Body-Digest 1069 string
> -ATTRIBUTE Digest-CNonce 1070 string
> -ATTRIBUTE Digest-Nonce-Count 1071 string
> -ATTRIBUTE Digest-User-Name 1072 string
> +ATTRIBUTE Digest-Response 206 string
> +ATTRIBUTE Digest-Attributes 207 string
> +ATTRIBUTE Digest-Realm 1063 string
> +ATTRIBUTE Digest-Nonce 1064 string
> +ATTRIBUTE Digest-Method 1065 string
> +ATTRIBUTE Digest-URI 1066 string
> +ATTRIBUTE Digest-QOP 1067 string
> +ATTRIBUTE Digest-Algorithm 1068 string
> +ATTRIBUTE Digest-Body-Digest 1069 string
> +ATTRIBUTE Digest-CNonce 1070 string
> +ATTRIBUTE Digest-Nonce-Count 1071 string
> +ATTRIBUTE Digest-User-Name 1072 string
>
>
>
> @@ -165,6 +171,9 @@
> VALUE Service-Type Outbound-User 5
> VALUE Service-Type Administrative-User 6
> VALUE Service-Type NAS-Prompt-User 7
> +VALUE Service-Type Call-Check 10
> +VALUE Service-Type Group-Check 12
> +VALUE Service-Type Sip-Session 15
>
> # Framed Protocols
>
> @@ -196,6 +205,7 @@
> VALUE Acct-Status-Type Stop 2
> VALUE Acct-Status-Type Accounting-On 7
> VALUE Acct-Status-Type Accounting-Off 8
> +VALUE Acct-Status-Type Failed 15
>
> # Authentication Types
>
> Index: auth_radius/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/Makefile,v
> retrieving revision 1.4
> diff -d -u -d -u -r1.4 Makefile
> --- auth_radius/Makefile 2003/05/23 15:43:42 1.4
> +++ auth_radius/Makefile 2003/12/09 12:19:25
> @@ -8,6 +8,7 @@
> include ../../Makefile.defs
> auto_gen=
> NAME=auth_radius.so
> +DEFS+=-I$(LOCALBASE)/include
> LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient
>
> include ../../Makefile.modules
> Index: auth_radius/authorize.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authorize.c,v
> retrieving revision 1.10
> diff -d -u -d -u -r1.10 authorize.c
> --- auth_radius/authorize.c 2003/11/05 03:49:43 1.10
> +++ auth_radius/authorize.c 2003/12/09 12:19:25
> @@ -128,7 +128,7 @@
> /* Clear the rpid buffer from previous value */
> rpid.len = 0;
>
> - res = radius_authorize_sterman(&cred->digest, &_msg->first_line.u.request.method, &user, &rpid);
> + res = radius_authorize_sterman(_msg, &cred->digest, &_msg->first_line.u.request.method, &user, &rpid);
> pkg_free(user.s);
>
> if (res == 1) {
> Index: auth_radius/authrad_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authrad_mod.c,v
> retrieving revision 1.12
> diff -d -u -d -u -r1.12 authrad_mod.c
> --- auth_radius/authrad_mod.c 2003/09/11 22:00:27 1.12
> +++ auth_radius/authrad_mod.c 2003/12/09 12:19:25
> @@ -45,13 +45,18 @@
> #include "authrad_mod.h"
> #include "authorize.h"
> #include <radiusclient.h>
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
>
> MODULE_VERSION
>
> pre_auth_f pre_auth_func = 0; /* Pre authorization function from auth module */
> post_auth_f post_auth_func = 0; /* Post authorization function from auth module */
>
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> +void *rh;
> +int ciscopec;
> +
> static int mod_init(void); /* Module initialization function */
> static int str_fixup(void** param, int param_no); /* char* -> str* */
>
> @@ -59,8 +64,8 @@
> /*
> * Module parameter variables
> */
> -char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> -int service_type = PW_SIP_SESSION;
> +static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static int service_type = -1;
>
>
> /*
> @@ -103,25 +108,60 @@
> */
> static int mod_init(void)
> {
> + DICT_VENDOR *vend;
> +
> DBG("auth_radius - Initializing\n");
>
> - if (rc_read_config(radius_config) != 0) {
> + memset(attrs, 0, sizeof(attrs));
> + memset(attrs, 0, sizeof(vals));
> + attrs[A_SERVICE_TYPE].n = "Service-Type";
> + attrs[A_SIP_RPID].n = "Sip-RPId";
> + attrs[A_SIP_URI_USER].n = "Sip-URI-User";
> + attrs[A_DIGEST_RESPONSE].n = "Digest-Response";
> + attrs[A_DIGEST_ALGORITHM].n = "Digest-Algorithm";
> + attrs[A_DIGEST_BODY_DIGEST].n = "Digest-Body-Digest";
> + attrs[A_DIGEST_CNONCE].n = "Digest-CNonce";
> + attrs[A_DIGEST_NONCE_COUNT].n = "Digest-Nonce-Count";
> + attrs[A_DIGEST_QOP].n = "Digest-QOP";
> + attrs[A_DIGEST_METHOD].n = "Digest-Method";
> + attrs[A_DIGEST_URI].n = "Digest-URI";
> + attrs[A_DIGEST_NONCE].n = "Digest-Nonce";
> + attrs[A_DIGEST_REALM].n = "Digest-Realm";
> + attrs[A_DIGEST_USER_NAME].n = "Digest-User-Name";
> + attrs[A_USER_NAME].n = "User-Name";
> + attrs[A_CISCO_AVPAIR].n = "Cisco-AVPair";
> + vals[V_SIP_SESSION].n = "Sip-Session";
> +
> + if ((rh = rc_read_config(radius_config)) == NULL) {
> LOG(L_ERR, "auth_radius: Error opening configuration file \n");
> return -1;
> }
> -
> - if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
> +
> + if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
> LOG(L_ERR, "auth_radius: Error opening dictionary file \n");
> return -2;
> }
>
> + vend = rc_dict_findvend(rh, "Cisco");
> + if (vend == NULL) {
> + LOG(L_ERR, "auth_radius: No `Cisco' vendor in Radius "
> + "dictionary\n");
> + return -3;
> + }
> + ciscopec = vend->vendorpec;
> +
> pre_auth_func = (pre_auth_f)find_export("pre_auth", 0, 0);
> post_auth_func = (post_auth_f)find_export("post_auth", 0, 0);
>
> if (!(pre_auth_func && post_auth_func)) {
> LOG(L_ERR, "auth_radius: This module requires auth module\n");
> - return -3;
> + return -4;
> }
> +
> + INIT_AV(rh, attrs, vals, "auth_radius", -5, -6);
> +
> + if (service_type != -1)
> + vals[V_SIP_SESSION].v = service_type;
>
> return 0;
> }
> Index: auth_radius/authrad_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authrad_mod.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 authrad_mod.h
> --- auth_radius/authrad_mod.h 2003/05/02 12:21:54 1.3
> +++ auth_radius/authrad_mod.h 2003/12/09 12:19:25
> @@ -37,14 +37,12 @@
>
> #include "../auth/api.h"
>
> +extern struct attr attrs[];
> +extern struct val vals[];
> +extern void *rh;
> +extern int ciscopec;
>
> extern pre_auth_f pre_auth_func;
> extern post_auth_f post_auth_func;
>
> -/*
> - * Module parameter variables
> - */
> -extern char* radius_config; /* radiusclient configuration file */
> -extern int service_type; /* radius service type used for access request */
> -
> #endif /* AUTHRAD_MOD_H */
> Index: auth_radius/dict.h
> ===================================================================
> RCS file: dict.h
> diff -N dict.h
> --- /tmp/cvsmA0FVN Tue Dec 9 13:19:25 2003
> +++ /dev/null Tue Sep 4 15:27:29 2001
> @@ -1,66 +0,0 @@
> -/*
> - * $Id: dict.h,v 1.1 2003/09/11 22:00:27 janakj Exp $
> - *
> - * Digest Authentication - Radius support
> - * Definitions not found in radiusclient.h
> - *
> - * Copyright (C) 2001-2003 Fhg Fokus
> - *
> - * This file is part of ser, a free SIP server.
> - *
> - * ser is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version
> - *
> - * For a license to use the ser software under conditions
> - * other than those described here, or to purchase support for this
> - * software, please contact iptel.org by e-mail at the following addresses:
> - * info at iptel.org
> - *
> - * ser is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, write to the Free Software
> - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> - *
> - * History:
> - * -------
> - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj)
> - */
> -
> -/*
> - * WARNING: Don't forget to update the dictionary if you update the file !!!
> - */
> -
> -#ifndef DICT_H
> -#define DICT_H
> -
> -/* Service types */
> -#define PW_CALL_CHECK 10
> -#define PW_EMERGENCY_CALL 13
> -#define PW_SIP_SESSION 15
> -
> -/* Attributes*/
> -#define PW_DIGEST_RESPONSE 206 /* string */
> -#define PW_DIGEST_ATTRIBUTES 207 /* string */
> -
> -#define PW_SIP_URI_USER 208 /* string */
> -#define PW_SIP_RPID 213 /* string */
> -
> -#define PW_DIGEST_REALM 1063 /* string */
> -#define PW_DIGEST_NONCE 1064 /* string */
> -#define PW_DIGEST_METHOD 1065 /* string */
> -#define PW_DIGEST_URI 1066 /* string */
> -#define PW_DIGEST_QOP 1067 /* string */
> -#define PW_DIGEST_ALGORITHM 1068 /* string */
> -#define PW_DIGEST_BODY_DIGEST 1069 /* string */
> -#define PW_DIGEST_CNONCE 1070 /* string */
> -#define PW_DIGEST_NONCE_COUNT 1071 /* string */
> -#define PW_DIGEST_USER_NAME 1072 /* string */
> -
> -
> -#endif /* DICT_H */
> Index: auth_radius/sterman.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/sterman.c,v
> retrieving revision 1.7
> diff -d -u -d -u -r1.7 sterman.c
> --- auth_radius/sterman.c 2003/09/11 22:00:27 1.7
> +++ auth_radius/sterman.c 2003/12/09 12:19:25
> @@ -32,11 +32,12 @@
> */
>
>
> +#include <stdlib.h>
> #include <string.h>
> #include "../../mem/mem.h"
> #include "../../dprint.h"
> #include "../auth/api.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
> #include "sterman.h"
> #include "authrad_mod.h"
> #include <radiusclient.h>
> @@ -49,12 +50,12 @@
> * which can be be used as a check item in the request. Service type of
> * the request is Authenticate-Only.
> */
> -int radius_authorize_sterman(dig_cred_t* _cred, str* _method, str* _user, str* _rpid)
> +int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user, str* _rpid)
> {
> static char msg[4096];
> VALUE_PAIR *send, *received, *vp;
> UINT4 service;
> - str method, user, user_name;
> + str method, user, user_name, callid;
> int i;
>
> send = received = 0;
> @@ -73,8 +74,8 @@
> */
>
> if (_cred->username.domain.len) {
> - if (!rc_avpair_add(&send, PW_USER_NAME, _cred->username.whole.s, _cred->username.whole.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_USER_NAME attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add User-Name attribute\n");
> rc_avpair_free(send);
> return -2;
> }
> @@ -88,8 +89,8 @@
> memcpy(user_name.s, _cred->username.whole.s, _cred->username.whole.len);
> user_name.s[_cred->username.whole.len] = '@';
> memcpy(user_name.s + _cred->username.whole.len + 1, _cred->realm.s, _cred->realm.len);
> - if (!rc_avpair_add(&send, PW_USER_NAME, user_name.s, user_name.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_USER_NAME attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, user_name.s, user_name.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add User-Name attribute\n");
> pkg_free(user_name.s);
> rc_avpair_free(send);
> return -4;
> @@ -97,30 +98,30 @@
> pkg_free(user_name.s);
> }
>
> - if (!rc_avpair_add(&send, PW_DIGEST_USER_NAME, _cred->username.whole.s, _cred->username.whole.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_USER_NAME attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-User-Name attribute\n");
> rc_avpair_free(send);
> return -5;
> }
>
> - if (!rc_avpair_add(&send, PW_DIGEST_REALM, _cred->realm.s, _cred->realm.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_REALM attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_REALM].v, _cred->realm.s, _cred->realm.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-Realm attribute\n");
> rc_avpair_free(send);
> return -6;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_NONCE, _cred->nonce.s, _cred->nonce.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_NONCE].v, _cred->nonce.s, _cred->nonce.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-Nonce attribute\n");
> rc_avpair_free(send);
> return -7;
> }
>
> - if (!rc_avpair_add(&send, PW_DIGEST_URI, _cred->uri.s, _cred->uri.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_URI attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_URI].v, _cred->uri.s, _cred->uri.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-URI attribute\n");
> rc_avpair_free(send);
> return -8;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_METHOD, method.s, method.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_METHOD attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_METHOD].v, method.s, method.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-Method attribute\n");
> rc_avpair_free(send);
> return -9;
> }
> @@ -129,39 +130,39 @@
> * Add the additional authentication fields according to the QOP.
> */
> if (_cred->qop.qop_parsed == QOP_AUTH) {
> - if (!rc_avpair_add(&send, PW_DIGEST_QOP, "auth", 4)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_QOP attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_QOP].v, "auth", 4, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-QOP attribute\n");
> rc_avpair_free(send);
> return -10;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_NONCE_COUNT, _cred->nc.s, _cred->nc.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE_COUNT attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_NONCE_COUNT].v, _cred->nc.s, _cred->nc.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-CNonce-Count attribute\n");
> rc_avpair_free(send);
> return -11;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_CNONCE, _cred->cnonce.s, _cred->cnonce.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_CNONCE attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_CNONCE].v, _cred->cnonce.s, _cred->cnonce.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-CNonce attribute\n");
> rc_avpair_free(send);
> return -12;
> }
> } else if (_cred->qop.qop_parsed == QOP_AUTHINT) {
> - if (!rc_avpair_add(&send, PW_DIGEST_QOP, "auth-int", 8)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_QOP attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_QOP].v, "auth-int", 8, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-QOP attribute\n");
> rc_avpair_free(send);
> return -13;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_NONCE_COUNT, _cred->nc.s, _cred->nc.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE_COUNT attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_NONCE_COUNT].v, _cred->nc.s, _cred->nc.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-Nonce-Count attribute\n");
> rc_avpair_free(send);
> return -14;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_CNONCE, _cred->cnonce.s, _cred->cnonce.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_CNONCE attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_CNONCE].v, _cred->cnonce.s, _cred->cnonce.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-CNonce attribute\n");
> rc_avpair_free(send);
> return -15;
> }
> - if (!rc_avpair_add(&send, PW_DIGEST_BODY_DIGEST, _cred->opaque.s, _cred->opaque.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_BODY_DIGEST attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_BODY_DIGEST].v, _cred->opaque.s, _cred->opaque.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-Body-Digest attribute\n");
> rc_avpair_free(send);
> return -16;
> }
> @@ -170,73 +171,60 @@
> /* send nothing for qop == "" */
> }
>
> - /*
> - * Now put everything place all the previous attributes into the
> - * PW_DIGEST_ATTRIBUTES
> - */
> -
> - /*
> - * Fix up Digest-Attributes issues see draft-sterman-aaa-sip-00
> - */
> - for (vp = send; vp; vp = vp->next) {
> - switch (vp->attribute) {
> - default:
> - break;
> -
> - /* Fall thru the know values */
> - case PW_DIGEST_REALM:
> - case PW_DIGEST_NONCE:
> - case PW_DIGEST_METHOD:
> - case PW_DIGEST_URI:
> - case PW_DIGEST_QOP:
> - case PW_DIGEST_ALGORITHM:
> - case PW_DIGEST_BODY_DIGEST:
> - case PW_DIGEST_CNONCE:
> - case PW_DIGEST_NONCE_COUNT:
> - case PW_DIGEST_USER_NAME:
> -
> - /* overlapping! */
> - memmove(&vp->strvalue[2], &vp->strvalue[0], vp->lvalue);
> - vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1;
> - vp->lvalue += 2;
> - vp->strvalue[1] = vp->lvalue;
> - vp->attribute = PW_DIGEST_ATTRIBUTES;
> - break;
> - }
> - }
> -
> /* Add the response... What to calculate against... */
> - if (!rc_avpair_add(&send, PW_DIGEST_RESPONSE, _cred->response.s, _cred->response.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_RESPONSE attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_DIGEST_RESPONSE].v, _cred->response.s, _cred->response.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Digest-Response attribute\n");
> rc_avpair_free(send);
> return -17;
> }
>
> /* Indicate the service type, Authenticate only in our case */
> - service = service_type;
> - if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_SERVICE_TYPE attribute\n");
> + service = vals[V_SIP_SESSION].v;
> + if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &service, 0, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Service-Type attribute\n");
> rc_avpair_free(send);
> return -18;
> }
>
> /* Add SIP URI as a check item */
> - if (!rc_avpair_add(&send, PW_SIP_URI_USER, user.s, user.len)) {
> - LOG(L_ERR, "sterman(): Unable to add PW_SIP_URI_USER attribute\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_SIP_URI_USER].v, user.s, user.len, 0)) {
> + LOG(L_ERR, "sterman(): Unable to add Sip-URI-User attribute\n");
> rc_avpair_free(send);
> return -19;
> }
> -
> +
> + /* Add SIP Call-ID as a Cisco VSA, like IOS does */
> + if (_msg->callid == NULL || _msg->callid->body.s == NULL) {
> + LOG(L_ERR, "sterman(): Call-ID is missed\n");
> + rc_avpair_free(send);
> + return -20;
> + }
> + callid.len = _msg->callid->body.len + 8;
> + callid.s = alloca(callid.len);
> + if (callid.s == NULL) {
> + LOG(L_ERR, "sterman(): No memory left\n");
> + rc_avpair_free(send);
> + return -21;
> + }
> + memcpy(callid.s, "call-id=", 8);
> + memcpy(callid.s + 8, _msg->callid->body.s, _msg->callid->body.len);
> + if (rc_avpair_add(rh, &send, attrs[A_CISCO_AVPAIR].v, callid.s,
> + callid.len, ciscopec) == 0) {
> + LOG(L_ERR, "sterman(): Unable to add Cisco-AVPair attribute\n");
> + rc_avpair_free(send);
> + return -22;
> + }
> +
> /* Send request */
> - if ((i = rc_auth(SIP_PORT, send, &received, msg)) == OK_RC) {
> + if ((i = rc_auth(rh, SIP_PORT, send, &received, msg)) == OK_RC) {
> DBG("radius_authorize_sterman(): Success\n");
> rc_avpair_free(send);
>
> /* Make a copy of rpid if available */
> - if ((vp = rc_avpair_get(received, PW_SIP_RPID))) {
> + if ((vp = rc_avpair_get(received, attrs[A_SIP_RPID].v, 0))) {
> if (MAX_RPID_LEN < vp->lvalue) {
> LOG(L_ERR, "radius_authorize_sterman(): rpid buffer too small\n");
> - return -20;
> + return -23;
> }
> memcpy(_rpid->s, vp->strvalue, vp->lvalue);
> _rpid->len = vp->lvalue;
> @@ -249,6 +237,6 @@
> DBG("radius_authorize_sterman(): Failure\n");
> rc_avpair_free(send);
> rc_avpair_free(received);
> - return -21;
> + return -24;
> }
> }
> Index: auth_radius/sterman.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/auth_radius/sterman.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 sterman.h
> --- auth_radius/sterman.h 2003/04/28 22:04:33 1.3
> +++ auth_radius/sterman.h 2003/12/09 12:19:25
> @@ -45,6 +45,6 @@
> * which can be be used as a check item in the request. Service type of
> * the request is Authenticate-Only.
> */
> -int radius_authorize_sterman(dig_cred_t* _cred, str* _method, str* _user, str* _rpid);
> +int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user, str* _rpid);
>
> #endif /* STERMAN_H */
> Index: group_radius/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/Makefile,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 Makefile
> --- group_radius/Makefile 2003/05/23 15:43:43 1.3
> +++ group_radius/Makefile 2003/12/09 12:19:25
> @@ -8,6 +8,7 @@
> include ../../Makefile.defs
> auto_gen=
> NAME=group_radius.so
> +DEFS+=-I$(LOCALBASE)/include
> LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient
>
> include ../../Makefile.modules
> Index: group_radius/dict.h
> ===================================================================
> RCS file: dict.h
> diff -N dict.h
> --- /tmp/cvs6nqAD9 Tue Dec 9 13:19:25 2003
> +++ /dev/null Tue Sep 4 15:27:29 2001
> @@ -1,47 +0,0 @@
> -/*
> - * $Id: dict.h,v 1.1 2003/09/11 22:02:02 janakj Exp $
> - *
> - * Group Membership - Radius
> - * Definitions not found in radiusclient.h
> - *
> - * Copyright (C) 2001-2003 Fhg Fokus
> - *
> - * This file is part of ser, a free SIP server.
> - *
> - * ser is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version
> - *
> - * For a license to use the ser software under conditions
> - * other than those described here, or to purchase support for this
> - * software, please contact iptel.org by e-mail at the following addresses:
> - * info at iptel.org
> - *
> - * ser is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, write to the Free Software
> - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> - *
> - * History:
> - * -------
> - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj)
> - */
> -
> -/*
> - * WARNING: Don't forget to update the dictionary if you update this file !!!
> - */
> -
> -#ifndef DICT_H
> -#define DICT_H
> -
> -/* Service-Type */
> -#define PW_GROUP_CHECK 12
> -
> -#define PW_SIP_GROUP 211 /* string */
> -
> -#endif /* DICT_H */
> Index: group_radius/group.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/group.c,v
> retrieving revision 1.5
> diff -d -u -d -u -r1.5 group.c
> --- group_radius/group.c 2003/09/11 22:02:02 1.5
> +++ group_radius/group.c 2003/12/09 12:19:25
> @@ -44,7 +44,7 @@
> #include "../../parser/hf.h"
> #include "../../parser/digest/digest.h"
> #include "group.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
> #include "grouprad_mod.h"
>
>
> @@ -191,8 +191,8 @@
> user_name = user;
> }
>
> - if (!rc_avpair_add(&send, PW_USER_NAME, user_name.s, user_name.len)) {
> - LOG(L_ERR, "radius_is_user_in(): Error adding PW_USER_NAME\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, user_name.s, user_name.len, 0)) {
> + LOG(L_ERR, "radius_is_user_in(): Error adding User-Name attribute\n");
> rc_avpair_free(send);
> if (use_domain) pkg_free(user_name.s);
> return -7;
> @@ -200,19 +200,19 @@
>
> if (use_domain) pkg_free(user_name.s);
>
> - if (!rc_avpair_add(&send, PW_SIP_GROUP, grp->s, grp->len)) {
> - LOG(L_ERR, "radius_is_user_in(): Error adding PW_SIP_GROUP\n");
> + if (!rc_avpair_add(rh, &send, attrs[A_SIP_GROUP].v, grp->s, grp->len, 0)) {
> + LOG(L_ERR, "radius_is_user_in(): Error adding Sip-Group attribute\n");
> return -8;
> }
>
> - service = PW_GROUP_CHECK;
> - if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) {
> - LOG(L_ERR, "radius_is_user_in(): Error adding PW_SERVICE_TYPE\n");
> + service = vals[V_GROUP_CHECK].v;
> + if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &service, 0, 0)) {
> + LOG(L_ERR, "radius_is_user_in(): Error adding Service-Type attribute\n");
> rc_avpair_free(send);
> return -9;
> }
>
> - if (rc_auth(0, send, &received, msg) == OK_RC) {
> + if (rc_auth(rh, 0, send, &received, msg) == OK_RC) {
> DBG("radius_is_user_in(): Success\n");
> rc_avpair_free(send);
> rc_avpair_free(received);
> Index: group_radius/grouprad_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/grouprad_mod.c,v
> retrieving revision 1.6
> diff -d -u -d -u -r1.6 grouprad_mod.c
> --- group_radius/grouprad_mod.c 2003/04/27 18:17:24 1.6
> +++ group_radius/grouprad_mod.c 2003/12/09 12:19:25
> @@ -40,11 +40,16 @@
> #include "../../dprint.h"
> #include "../../sr_module.h"
> #include "../../mem/mem.h"
> +#include "../../modules/acc/dict.h"
> #include "grouprad_mod.h"
> #include "group.h"
>
> MODULE_VERSION
>
> +void *rh;
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> +
> static int mod_init(void); /* Module initialization function */
> static int hf_fixup(void** param, int param_no); /* Header field fixup */
>
> @@ -52,7 +57,7 @@
> /*
> * Module parameter variables
> */
> -char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> int use_domain = 1; /* By default we use domain */
>
>
> @@ -93,16 +98,24 @@
> static int mod_init(void)
> {
> DBG("group_radius - initializing\n");
> -
> - if (rc_read_config(radius_config) != 0) {
> +
> + memset(attrs, 0, sizeof(attrs));
> + memset(attrs, 0, sizeof(vals));
> + attrs[A_SERVICE_TYPE].n = "Service-Type";
> + attrs[A_USER_NAME].n = "User-Name";
> + vals[V_GROUP_CHECK].n = "Group-Check";
> +
> + if ((rh = rc_read_config(radius_config)) == NULL) {
> LOG(L_ERR, "group_radius: Error opening configuration file \n");
> return -1;
> }
>
> - if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
> + if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
> LOG(L_ERR, "group_radius: Error opening dictionary file \n");
> return -2;
> }
> +
> + INIT_AV(rh, attrs, vals, "group_radius", -3, -4);
>
> return 0;
> }
> Index: group_radius/grouprad_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/group_radius/grouprad_mod.h,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 grouprad_mod.h
> --- group_radius/grouprad_mod.h 2003/03/12 21:47:49 1.3
> +++ group_radius/grouprad_mod.h 2003/12/09 12:19:25
> @@ -34,10 +34,13 @@
> #ifndef GROUPRAD_MOD_H
> #define GROUPRAD_MOD_H
>
> +extern struct attr attrs[];
> +extern struct val vals[];
> +extern void *rh;
> +
> /*
> * Module parameter variables
> */
> -extern char* radius_config; /* radiusclient configuration file */
> extern int use_domain; /* Should we use also domain ? */
>
> #endif /* GROUPRAD_MOD_H */
> Index: uri_radius/Makefile
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/Makefile,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 Makefile
> --- uri_radius/Makefile 2003/05/23 15:43:44 1.3
> +++ uri_radius/Makefile 2003/12/09 12:19:25
> @@ -8,6 +8,7 @@
> include ../../Makefile.defs
> auto_gen=
> NAME=uri_radius.so
> +DEFS+=-I$(LOCALBASE)/include
> LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient
>
> include ../../Makefile.modules
> Index: uri_radius/checks.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/checks.c,v
> retrieving revision 1.3
> diff -d -u -d -u -r1.3 checks.c
> --- uri_radius/checks.c 2003/09/11 22:03:58 1.3
> +++ uri_radius/checks.c 2003/12/09 12:19:25
> @@ -35,7 +35,7 @@
> #include "../../mem/mem.h"
> #include "../../parser/parse_uri.h"
> #include "../../dprint.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
> #include "checks.h"
> #include "urirad_mod.h"
> #include <radiusclient.h>
> @@ -74,22 +74,22 @@
> at += _m->parsed_uri.host.len;
> *at = '\0';
>
> - if (!rc_avpair_add(&send, PW_USER_NAME, uri, 0)) {
> + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, uri, 0, 0)) {
> LOG(L_ERR, "radius_does_uri_exist(): Error adding User-Name\n");
> rc_avpair_free(send);
> pkg_free(uri);
> return -3;
> }
>
> - service = service_type;
> - if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) {
> + service = vals[V_CALL_CHECK].v;
> + if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &service, 0, 0)) {
> LOG(L_ERR, "radius_does_uri_exist(): Error adding service type\n");
> rc_avpair_free(send);
> pkg_free(uri);
> return -4;
> }
>
> - if (rc_auth(0, send, &received, msg) == OK_RC) {
> + if (rc_auth(rh, 0, send, &received, msg) == OK_RC) {
> DBG("radius_does_uri_exist(): Success\n");
> rc_avpair_free(send);
> rc_avpair_free(received);
> Index: uri_radius/dict.h
> ===================================================================
> RCS file: dict.h
> diff -N dict.h
> --- /tmp/cvsMz7uyT Tue Dec 9 13:19:25 2003
> +++ /dev/null Tue Sep 4 15:27:29 2001
> @@ -1,44 +0,0 @@
> -/*
> - * $Id: dict.h,v 1.1 2003/09/11 22:03:58 janakj Exp $
> - *
> - * Group Membership - RADIUS
> - * Definitions not found in radiusclient.h
> - *
> - * Copyright (C) 2001-2003 Fhg Fokus
> - *
> - * This file is part of ser, a free SIP server.
> - *
> - * ser is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version
> - *
> - * For a license to use the ser software under conditions
> - * other than those described here, or to purchase support for this
> - * software, please contact iptel.org by e-mail at the following addresses:
> - * info at iptel.org
> - *
> - * ser is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, write to the Free Software
> - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
> - *
> - * History:
> - * -------
> - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj)
> - */
> -
> -/*
> - * WARNING: Don't forget to update the dictionary if you update this file !!!
> - */
> -
> -#ifndef DICT_H
> -#define DICT_H
> -
> -#define PW_CALL_CHECK 10
> -
> -#endif /* DICT_H */
> Index: uri_radius/urirad_mod.c
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/urirad_mod.c,v
> retrieving revision 1.5
> diff -d -u -d -u -r1.5 urirad_mod.c
> --- uri_radius/urirad_mod.c 2003/09/11 22:03:58 1.5
> +++ uri_radius/urirad_mod.c 2003/12/09 12:19:25
> @@ -36,11 +36,14 @@
> #include "../../sr_module.h"
> #include "urirad_mod.h"
> #include "checks.h"
> -#include "dict.h"
> +#include "../../modules/acc/dict.h"
> #include <radiusclient.h>
>
> MODULE_VERSION
>
> +struct attr attrs[A_MAX];
> +struct val vals[V_MAX];
> +void *rh;
>
> static int mod_init(void); /* Module initialization function */
>
> @@ -48,8 +51,8 @@
> /*
> * Module parameter variables
> */
> -char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> -int service_type = PW_CALL_CHECK;
> +static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
> +static int service_type = -1;
>
> /*
> * Exported functions
> @@ -88,16 +91,27 @@
> static int mod_init(void)
> {
> DBG("uri_radius - initializing\n");
> -
> - if (rc_read_config(radius_config) != 0) {
> +
> + memset(attrs, 0, sizeof(attrs));
> + memset(attrs, 0, sizeof(vals));
> + attrs[A_SERVICE_TYPE].n = "Service-Type";
> + attrs[A_USER_NAME].n = "User-Name";
> + vals[V_CALL_CHECK].n = "Call-Check";
> +
> + if ((rh = rc_read_config(radius_config)) == NULL) {
> LOG(L_ERR, "uri_radius: Error opening configuration file \n");
> return -1;
> }
>
> - if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
> + if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
> LOG(L_ERR, "uri_radius: Error opening dictionary file \n");
> return -2;
> }
> +
> + INIT_AV(rh, attrs, vals, "uri_radius", -3, -4);
> +
> + if (service_type != -1)
> + vals[V_CALL_CHECK].v = service_type;
>
> return 0;
> }
> Index: uri_radius/urirad_mod.h
> ===================================================================
> RCS file: /cvsroot/ser/sip_router/modules/uri_radius/urirad_mod.h,v
> retrieving revision 1.2
> diff -d -u -d -u -r1.2 urirad_mod.h
> --- uri_radius/urirad_mod.h 2003/05/02 12:20:59 1.2
> +++ uri_radius/urirad_mod.h 2003/12/09 12:19:25
> @@ -34,10 +34,8 @@
> #ifndef URIRAD_MOD_H
> #define URIRAD_MOD_H
>
> -/*
> - * Module parameter variables
> - */
> -extern char* radius_config; /* radiusclient configuration file */
> -extern int service_type; /* radius service type for uri check */
> +extern struct attr attrs[];
> +extern struct val vals[];
> +extern void *rh;
>
> #endif /* URIRAD_MOD_H */
More information about the sr-users
mailing list