[Serusers] New known problems with radius_auth module

Jan Janak J.Janak at sh.cvut.cz
Mon Mar 3 22:06:50 CET 2003 

Hello,

First, radius_auth module is currently being heavily refurbished. We
will include the new version in the upcomming release.

On 03-03 16:51, Bjoern Zuelch wrote:
> Hi all,
> 
> i have found some probs with the radius_auth module in ser.
> the ane in the function authorize() in file authorize.c :
> 
> when calling the function check_nonce this function returns always that the
> two nonce's (given and new generated one are not the same. But if we compare
> the two nonce's manually both are the same. I replaced the memcmp function
> with the strcmp funtion,but nothings changes. So there is may a missing \0
> at the end of the strings.

  Most of the code in ser doesn't use zero terminated strings, we store
  length of strings in separate variable.

> Next problem is in the function check_response:
> On Solaris we have no freeradiusd ,so I replaced it through
> radius_authorize(...).
> If the function radius_authorize is called, the radiusmessage will be
> created through calling the function rc_avpair_add(...). All is fine if it
> will be standard radius-attributes. when the first sip-specific attribute is
> comming the rc_avpair_add funtions returns -1. I followed this problem and
> find out that in the radiusclient-lib. in function
> rc_avpair_assign(avpair.c)/rc_avpair_new(avpair.c) only attributes of the
> types PW_TYPE_STRING, PW_TYPE_DATE, PW_TYPE_INTEGER, PW_TYPE_IPADDR are
> reccognised. If a PW_SIP_USER_ID attribute or other specific Sip attributes
> will be added to the radiusmessage, this function returns with error message
> "UNKNOWN ATTIBUTE TYPE" and no radius-authentification is done....
> ....
> RADIUS: rc_avpair_new MALLOC erfolgreich
> RADIUS: rc_avpair_assign type=0
> RADIUS rc_avpair_assign result=0
> RADIUS: rc_avpair_new unknown attribute 110
> RADIUS: VALUEPAIR insert fehgeschlagen.!!!
> check_cred(): returnvalue of radius_authorize()=-1
> ....
> One possibility is that, I add the PW_SIP_* attributes to the radiusclient
> and look, if it run.
> 
> The next Problem may be, that the radius server does not understand the sip
> specific attributes, if we not use freeradius.

   Yes, if you will have to extend the server's dictionary if it doesn't
   support SIP specific attributes.

    regards, Jan.

> 
> 
> Gruß Bjoern
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20030303/25f89298/attachment.pgp>

More information about the sr-users mailing list