? acc/a ? acc/c ? acc/dict.h,v ? auth_radius/dict.h_ Index: acc/Makefile =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/Makefile,v retrieving revision 1.17 diff -d -u -d -u -r1.17 Makefile --- acc/Makefile 2003/12/05 14:30:23 1.17 +++ acc/Makefile 2003/12/08 21:50:08 @@ -14,7 +14,7 @@ #DEFS+=-DSQL_ACC # uncomment the next two lines if you wish to enable RADIUS accounting -#DEFS+=-DRAD_ACC +DEFS+=-DRAD_ACC -I$(LOCALBASE)/include # uncomment the next two lines if you wish to enable DIAMETER accounting #DEFS+=-DDIAM_ACC Index: acc/acc.c =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/acc.c,v retrieving revision 1.20 diff -d -u -d -u -r1.20 acc.c --- acc/acc.c 2003/11/24 19:18:21 1.20 +++ acc/acc.c 2003/12/08 21:50:08 @@ -72,9 +72,9 @@ #ifdef RAD_ACC /* caution: keep these aligned to RAD_ACC_FMT !! */ -static int rad_attr[] = { PW_CALLING_STATION_ID, PW_CALLED_STATION_ID, - PW_SIP_TRANSLATED_REQ_ID, PW_ACCT_SESSION_ID, PW_SIP_TO_TAG, - PW_SIP_FROM_TAG, PW_SIP_CSEQ }; +static int rad_attr[] = { A_CALLING_STATION_ID, A_CALLED_STATION_ID, + A_SIP_TRANSLATED_REQUEST_URI, A_ACCT_SESSION_ID, A_SIP_TO_TAG, + A_SIP_FROM_TAG, A_SIP_CSEQ }; #endif #ifdef DIAM_ACC @@ -551,14 +551,14 @@ code=phrase2code(phrase); if (code==0) - return PW_STATUS_FAILED; + return vals[V_STATUS_FAILED].v; if ((rq->REQ_METHOD==METHOD_INVITE || rq->REQ_METHOD==METHOD_ACK) && code>=200 && code<300) - return PW_STATUS_START; + return vals[V_STATUS_START].v; if ((rq->REQ_METHOD==METHOD_BYE || rq->REQ_METHOD==METHOD_CANCEL)) - return PW_STATUS_STOP; - return PW_STATUS_FAILED; + return vals[V_STATUS_STOP].v; + return vals[V_STATUS_FAILED].v; } int acc_rad_request( struct sip_msg *rq, struct hdr_field *to, 
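Review bot: In the acc/Makefile hunk the line `DEFS+=-DRAD_ACC -I$(LOCALBASE)/include` is now active, which makes RADIUS accounting and the radiusclient headers a requirement of the default build. The comment above it says to uncomment the next two lines, but only one line changes in this hunk; the second lies outside the hunk and may still be commented out. If the default is not meant to change, keep the line as `#DEFS+=-DRAD_ACC -I$(LOCALBASE)/include` and leave the choice to the builder.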
@@ -594,24 +594,24 @@ } av_type=rad_status(rq, phrase); - if (!rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type,0)) { + if (!rc_avpair_add(rh, &send, attrs[A_ACCT_STATUS_TYPE].v, &av_type,0, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: add STATUS_TYPE\n"); goto error; } - av_type=service_type; - if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type,0)) { + av_type=vals[V_SIP_SESSION].v; + if (!rc_avpair_add(rh, &send, attrs[A_SERVICE_TYPE].v, &av_type,0, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: add STATUS_TYPE\n"); goto error; } av_type=phrase2code(phrase); /* status=integer */ /* if (phrase.len<3) c=nullcode; else { memcpy(ccode, phrase.s, 3); ccode[3]=0;c=nullcode;} */ - if (!rc_avpair_add(&send, PW_SIP_RESPONSE_CODE, &av_type,0)) { + if (!rc_avpair_add(rh, &send, attrs[A_SIP_RESPONSE_CODE].v, &av_type,0, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: add RESPONSE_CODE\n"); goto error; } av_type=rq->REQ_METHOD; - if (!rc_avpair_add(&send, PW_SIP_METHOD, &av_type,0)) { + if (!rc_avpair_add(rh, &send, attrs[A_SIP_METHOD].v, &av_type,0, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: add SIP_METHOD\n"); goto error; } @@ -629,10 +629,10 @@ memcpy(user_name.s, user->s, user->len); user_name.s[user->len] = '@'; memcpy(user_name.s+user->len+1, realm->s, realm->len); - if (!rc_avpair_add(&send, PW_USER_NAME, - user_name.s, user_name.len)) { + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, + user_name.s, user_name.len, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add " - "failed for %d\n", PW_USER_NAME ); + "failed for %d\n", attrs[A_USER_NAME].v ); pkg_free(user_name.s); goto error; } 
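Review bot: In the acc.c hunk at line 594, the failure branch after the `attrs[A_SERVICE_TYPE].v` add still logs `add STATUS_TYPE`, the same text as the Acct-Status-Type branch above it, so the two failures cannot be told apart in the log. Since the call is being rewritten anyway, change the message to `LOG(L_ERR, "ERROR: acc_rad_request: add SERVICE_TYPE\n");`. acc_rad_request starts and ends outside the hunk.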
@@ -640,10 +640,10 @@ } else { user_name.len = user->len; user_name.s = user->s; - if (!rc_avpair_add(&send, PW_USER_NAME, - user_name.s, user_name.len)) { + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, + user_name.s, user_name.len, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add " - "failed for %d\n", PW_USER_NAME ); + "failed for %d\n", attrs[A_USER_NAME].v ); goto error; } } @@ -662,10 +662,10 @@ memcpy(user_name.s, puri.user.s, puri.user.len); user_name.s[puri.user.len] = '@'; memcpy(user_name.s+puri.user.len+1, puri.host.s, puri.host.len); - if (!rc_avpair_add(&send, PW_USER_NAME, - user_name.s, user_name.len)) { + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, + user_name.s, user_name.len, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add " - "failed for %d\n", PW_USER_NAME ); + "failed for %d\n", attrs[A_USER_NAME].v ); pkg_free(user_name.s); goto error; } 
@@ -673,25 +673,25 @@ } else { user_name.len = na.len; user_name.s = na.s; - if (!rc_avpair_add(&send, PW_USER_NAME, - user_name.s, user_name.len)) { + if (!rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, + user_name.s, user_name.len, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add " - "failed for %d\n", PW_USER_NAME ); + "failed for %d\n", attrs[A_USER_NAME].v ); goto error; } } } /* Remaining attributes from rad_attr vector */ for(i=0; is,val_arr[i]->len)) { + if (!rc_avpair_add(rh, &send, attrs[rad_attr[i]].v, + val_arr[i]->s,val_arr[i]->len, 0)) { LOG(L_ERR, "ERROR: acc_rad_request: rc_avpaid_add " - "failed for %d\n", rad_attr[i] ); + "failed for %s\n", attrs[rad_attr[i]].n ); goto error; } } - if (rc_acct(SIP_PORT, send)!=OK_RC) { + if (rc_acct(rh, SIP_PORT, send)!=OK_RC) { LOG(L_ERR, "ERROR: acc_rad_request: radius-ing failed\n"); goto error; } Index: acc/acc.h =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/acc.h,v retrieving revision 1.11 diff -d -u -d -u -r1.11 acc.h --- acc/acc.h 2003/11/24 19:18:21 1.11 +++ acc/acc.h 2003/12/08 21:50:08 @@ -100,7 +100,8 @@ #ifdef RAD_ACC -extern int service_type; +extern struct attr attrs[]; +extern struct val vals[]; #endif Index: acc/acc_mod.c =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/acc_mod.c,v retrieving revision 1.31 diff -d -u -d -u -r1.31 acc_mod.c --- acc/acc_mod.c 2003/12/05 14:30:23 1.31 +++ acc/acc_mod.c 2003/12/08 21:50:08 @@ -110,7 +110,10 @@ char *radius_config = "/usr/local/etc/radiusclient/radiusclient.conf"; int radius_flag = 0; int radius_missed_flag = 0; -int service_type = PW_SIP_SESSION; +static int service_type = -1; +void *rh; +struct attr attrs[A_MAX]; +struct val vals[V_MAX]; #endif /* DIAMETER */ 
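Review bot: `extern struct attr attrs[];` and `extern struct val vals[];` in the acc.h hunk declare arrays whose element type must already be complete, so acc.h now depends on dict.h having been included first; acc.h's own includes are outside the hunk. The same two declarations are added to auth_radius/authrad_mod.h, and the include list shown for authrad_mod.c pulls in `authrad_mod.h` before `../../modules/acc/dict.h`, which a compiler that enforces complete element types will reject. Including dict.h from each header that declares the arrays removes the ordering dependency.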
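Review bot: `static int service_type = -1;` in the acc_mod.c hunk at line 110 gives the variable internal linkage, while acc_mod.h keeps `extern int service_type;` as an unchanged context line in its own hunk later in this patch. If acc_mod.c includes acc_mod.h, which is not visible here, the static definition follows a non-static declaration and will not compile; otherwise the header advertises a symbol that no longer exists. Drop `extern int service_type;` from acc_mod.h together with the one this patch removes from acc.h.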
@@ -312,18 +315,73 @@ #endif #ifdef RAD_ACC + memset(attrs, 0, sizeof(attrs)); + memset(attrs, 0, sizeof(vals)); + attrs[A_CALLING_STATION_ID].n = "Calling-Station-Id"; + attrs[A_CALLED_STATION_ID].n = "Called-Station-Id"; + attrs[A_SIP_TRANSLATED_REQUEST_URI].n = "Sip-Translated-Request-URI"; + attrs[A_ACCT_SESSION_ID].n = "Acct-Session-Id"; + attrs[A_SIP_TO_TAG].n = "Sip-To-Tag"; + attrs[A_SIP_FROM_TAG].n = "Sip-From-Tag"; + attrs[A_SIP_CSEQ].n = "Sip-CSeq"; + attrs[A_ACCT_STATUS_TYPE].n = "Acct-Status-Type"; + attrs[A_SERVICE_TYPE].n = "Service-Type"; + attrs[A_SIP_RESPONSE_CODE].n = "Sip-Response-Code"; + attrs[A_SIP_METHOD].n = "Sip-Method"; + attrs[A_USER_NAME].n = "User-Name"; + + vals[V_STATUS_START].n = "Start"; + vals[V_STATUS_STOP].n = "Stop"; + vals[V_STATUS_FAILED].n = "Failed"; + vals[V_SIP_SESSION].n = "Sip-Session"; + /* open log */ rc_openlog("ser"); + /* init */ + rh = rc_new(); + if (rh == NULL) { + LOG(L_ERR, "acc: Error initialising Radius Client " + "library\n"); + return -1; + } /* read config */ - if (rc_read_config(radius_config)!=0) { + if (rc_read_config(rh, radius_config)!=0) { LOG(L_ERR, "ERROR: acc: error opening radius config file: %s\n", radius_config ); return -1; } /* read dictionary */ - if (rc_read_dictionary(rc_conf_str("dictionary"))!=0) { + if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))!=0) { LOG(L_ERR, "ERROR: acc: error reading radius dictionary\n"); return -1; + } + INIT_AV(rh, attrs, vals, "acc"); +#if 0 + for (i = 0; i < A_MAX; i++) { + if (attrs[i].n == NULL) + continue; + dattr = rc_dict_findattr(rh, attrs[i].n); + if (dattr == NULL) { + LOG(L_ERR, "ERROR: acc: can't get code for the %s " + "attribute\n", attrs[i].n); + return -1; + } + attrs[i].v = dattr->value; + } + for (i = 0; i < V_MAX; i++) { + if (vals[i].n == NULL) + continue; + dval = rc_dict_findval(rh, vals[i].n); + if (dval == NULL) { + LOG(L_ERR, "ERROR: acc: can't get code for the %s " + "attribute value\n", vals[i].n); + return -1; + } + 
vals[i].v = dval->value; + } +#endif + if (service_type != -1) { + vals[V_SIP_SESSION].v = service_type; } #endif Index: acc/acc_mod.h =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/acc_mod.h,v retrieving revision 1.11 diff -d -u -d -u -r1.11 acc_mod.h --- acc/acc_mod.h 2003/11/24 19:18:21 1.11 +++ acc/acc_mod.h 2003/12/08 21:50:08 @@ -54,6 +54,7 @@ extern int radius_flag; extern int radius_missed_flag; extern int service_type; +extern void *rh; #endif #ifdef DIAM_ACC Index: acc/dict.h =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/dict.h,v retrieving revision 1.3 diff -d -u -d -u -r1.3 dict.h --- acc/dict.h 2003/09/11 21:53:36 1.3 +++ acc/dict.h 2003/12/08 21:50:08 
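Review bot: The second call in the acc_mod.c init hunk, `memset(attrs, 0, sizeof(vals));`, clears `attrs` again using the size of `vals`, so `vals` is never cleared by this code and the call would overrun `attrs` if `vals` ever became the larger array. It should read `memset(vals, 0, sizeof(vals));`; the same pair of lines appears in mod_init in auth_radius/authrad_mod.c. The `#if 0` block repeats what `INIT_AV` already does and uses `i`, `dattr` and `dval`, none of which is declared in the hunk, so it is better removed than kept as dead code. The enclosing init function starts and ends outside the hunk.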
@@ -34,17 +34,82 @@ #ifndef _DICT_H #define _DICT_H -#define PW_SIP_METHOD 101 /* integer */ -#define PW_SIP_RESPONSE_CODE 102 /* integer */ -#define PW_SIP_CSEQ 103 /* string */ -#define PW_SIP_TO_TAG 104 /* string */ -#define PW_SIP_FROM_TAG 105 /* string */ -#define PW_SIP_BRANCH_ID 106 /* string -- Not used */ -#define PW_SIP_TRANSLATED_REQ_ID 107 /* string */ -#define PW_SIP_SOURCE_IP_ADDRESS 108 /* ipaddr -- Not used */ -#define PW_SIP_SOURCE_PORT 109 /* integer -- Not used */ +struct attr { + const char *n; + int v; +}; -#define PW_SIP_SESSION 15 /* SIP service-type */ -#define PW_STATUS_FAILED 15 +struct val { + const char *n; + int v; +}; + +#define A_USER_NAME 0 +#define A_SERVICE_TYPE 1 +#define A_CALLED_STATION_ID 2 +#define A_CALLING_STATION_ID 3 +#define A_ACCT_STATUS_TYPE 4 +#define A_ACCT_SESSION_ID 5 +#define A_SIP_METHOD 6 +#define A_SIP_RESPONSE_CODE 7 +#define A_SIP_CSEQ 8 +#define A_SIP_TO_TAG 9 +#define A_SIP_FROM_TAG 10 +#define A_SIP_TRANSLATED_REQUEST_URI 11 +#define A_DIGEST_RESPONSE 12 +#define A_DIGEST_ATTRIBUTES 13 +#define A_SIP_URI_USER 14 +#define A_SIP_RPID 15 +#define A_DIGEST_REALM 16 +#define A_DIGEST_NONCE 17 +#define A_DIGEST_METHOD 18 +#define A_DIGEST_URI 19 +#define A_DIGEST_QOP 20 +#define A_DIGEST_ALGORITHM 21 +#define A_DIGEST_BODY_DIGEST 22 +#define A_DIGEST_CNONCE 23 +#define A_DIGEST_NONCE_COUNT 24 +#define A_DIGEST_USER_NAME 25 +#define A_CISCO_AVPAIR 26 +#define A_MAX 26 + +#define V_STATUS_START 0 +#define V_STATUS_STOP 1 +#define V_STATUS_FAILED 2 +#define V_CALL_CHECK 3 +#define V_EMERGENCY_CALL 4 +#define V_SIP_SESSION 5 +#define V_MAX 5 + +#define INIT_AV(rh, at, vl, fn) \ +{ \ + int i; \ + DICT_ATTR *da; \ + DICT_VALUE *dv; \ + \ + for (i = 0; i < A_MAX; i++) { \ + if (at[i].n == NULL) \ + continue; \ + da = rc_dict_findattr(rh, at[i].n); \ + if (da == NULL) { \ + LOG(L_ERR, "ERROR: %s: can't get code for the " \ + "%s attribute\n", fn, at[i].n); \ + return -1; \ + } \ + at[i].v = da->value; \ + } \ + for (i = 
0; i < V_MAX; i++) { \ + if (vl[i].n == NULL) \ + continue; \ + dv = rc_dict_findval(rh, vl[i].n); \ + if (dv == NULL) { \ + LOG(L_ERR, "ERROR: %s: can't get code for the " \ + "%s attribute value\n", fn, vl[i].n);\ + return -1; \ + } \ + vl[i].v = dv->value; \ + } \ +} + #endif Index: acc/etc/sip_dictionary =================================================================== RCS file: /cvsroot/ser/sip_router/modules/acc/etc/sip_dictionary,v retrieving revision 1.1 diff -d -u -d -u -r1.1 sip_dictionary --- acc/etc/sip_dictionary 2003/04/05 14:05:19 1.1 +++ acc/etc/sip_dictionary 2003/12/08 21:50:08 @@ -23,6 +23,9 @@ # 7 = 1 (integer encoding) # +VENDOR Cisco 9 +ATTRIBUTE Cisco-AVPair 1 string Cisco + # # Following are the proper new names. Use these. # @@ -165,6 +168,8 @@ VALUE Service-Type Outbound-User 5 VALUE Service-Type Administrative-User 6 VALUE Service-Type NAS-Prompt-User 7 +VALUE Service-Type Call-Check 10 +VALUE Service-Type Sip-Session 15 # Framed Protocols @@ -196,6 +201,7 @@ VALUE Acct-Status-Type Stop 2 VALUE Acct-Status-Type Accounting-On 7 VALUE Acct-Status-Type Accounting-Off 8 +VALUE Acct-Status-Type Failed 15 # Authentication Types Index: auth_radius/Makefile =================================================================== RCS file: /cvsroot/ser/sip_router/modules/auth_radius/Makefile,v retrieving revision 1.4 diff -d -u -d -u -r1.4 Makefile --- auth_radius/Makefile 2003/05/23 15:43:42 1.4 +++ auth_radius/Makefile 2003/12/08 21:50:08 @@ -8,6 +8,7 @@ include ../../Makefile.defs auto_gen= NAME=auth_radius.so +DEFS+=-I$(LOCALBASE)/include LIBS=-L$(LOCALBASE)/lib -L/usr/pkg/lib -lradiusclient include ../../Makefile.modules Index: auth_radius/authorize.c =================================================================== RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authorize.c,v retrieving revision 1.10 diff -d -u -d -u -r1.10 authorize.c --- auth_radius/authorize.c 2003/11/05 03:49:43 1.10 +++ auth_radius/authorize.c 2003/12/08 21:50:08 
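Review bot: In the acc/dict.h hunk `A_MAX` and `V_MAX` are set equal to the highest index (`A_CISCO_AVPAIR 26` with `A_MAX 26`, `V_SIP_SESSION 5` with `V_MAX 5`), so `attrs[A_MAX]` and `vals[V_MAX]` have no element for those entries. Assignments elsewhere in this patch such as `attrs[A_CISCO_AVPAIR].n = "Cisco-AVPair";` and `vals[V_SIP_SESSION].v = service_type;` therefore write one element past the end of the array, and the `i < A_MAX` and `i < V_MAX` loops in `INIT_AV` never resolve those two names from the dictionary. The counts should be one more than the last index: `#define A_MAX 27` and `#define V_MAX 6`. Defining the indexes as an enum with a trailing count member would keep the two from drifting apart again.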
@@ -128,7 +128,7 @@ /* Clear the rpid buffer from previous value */ rpid.len = 0; - res = radius_authorize_sterman(&cred->digest, &_msg->first_line.u.request.method, &user, &rpid); + res = radius_authorize_sterman(_msg, &cred->digest, &_msg->first_line.u.request.method, &user, &rpid); pkg_free(user.s); if (res == 1) { Index: auth_radius/authrad_mod.c =================================================================== RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authrad_mod.c,v retrieving revision 1.12 diff -d -u -d -u -r1.12 authrad_mod.c --- auth_radius/authrad_mod.c 2003/09/11 22:00:27 1.12 +++ auth_radius/authrad_mod.c 2003/12/08 21:50:08 @@ -45,13 +45,18 @@ #include "authrad_mod.h" #include "authorize.h" #include -#include "dict.h" +#include "../../modules/acc/dict.h" MODULE_VERSION pre_auth_f pre_auth_func = 0; /* Pre authorization function from auth module */ post_auth_f post_auth_func = 0; /* Post authorization function from auth module */ +struct attr attrs[A_MAX]; +struct val vals[V_MAX]; +void *rh; +int ciscopec; + static int mod_init(void); /* Module initialization function */ static int str_fixup(void** param, int param_no); /* char* -> str* */ @@ -60,7 +65,7 @@ * Module parameter variables */ char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf"; -int service_type = PW_SIP_SESSION; +static int service_type = -1; /* 
@@ -103,25 +108,67 @@ */ static int mod_init(void) { + DICT_VENDOR *vend; + DBG("auth_radius - Initializing\n"); - if (rc_read_config(radius_config) != 0) { - LOG(L_ERR, "auth_radius: Error opening configuration file \n"); + memset(attrs, 0, sizeof(attrs)); + memset(attrs, 0, sizeof(vals)); + attrs[A_SERVICE_TYPE].n = "Service-Type"; + attrs[A_SIP_RPID].n = "Sip-RPId"; + attrs[A_SIP_URI_USER].n = "Sip-URI-User"; + attrs[A_DIGEST_RESPONSE].n = "Digest-Response"; + attrs[A_DIGEST_ALGORITHM].n = "Digest-Algorithm"; + attrs[A_DIGEST_BODY_DIGEST].n = "Digest-Body-Digest"; + attrs[A_DIGEST_CNONCE].n = "Digest-CNonce"; + attrs[A_DIGEST_NONCE_COUNT].n = "Digest-Nonce-Count"; + attrs[A_DIGEST_QOP].n = "Digest-QOP"; + attrs[A_DIGEST_METHOD].n = "Digest-Method"; + attrs[A_DIGEST_URI].n = "Digest-URI"; + attrs[A_DIGEST_NONCE].n = "Digest-Nonce"; + attrs[A_DIGEST_REALM].n = "Digest-Realm"; + attrs[A_DIGEST_USER_NAME].n = "Digest-User-Name"; + attrs[A_USER_NAME].n = "User-Name"; + attrs[A_CISCO_AVPAIR].n = "Cisco-AVPair"; + vals[V_SIP_SESSION].n = "Sip-Session"; + + rh = rc_new(); + if (rh == NULL) { + LOG(L_ERR, "auth_radius: Error initialising Radius Client " + "library\n"); return -1; } - - if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) { - LOG(L_ERR, "auth_radius: Error opening dictionary file \n"); + + if (rc_read_config(rh, radius_config) != 0) { + LOG(L_ERR, "auth_radius: Error opening configuration file \n"); return -2; } + if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) { + LOG(L_ERR, "auth_radius: Error opening dictionary file \n"); + return -3; + } + + vend = rc_dict_findvend(rh, "Cisco"); + if (vend == NULL) { + LOG(L_ERR, "auth_radius: No `Cisco' vendor in Radius " + "dictionary\n"); + return -4; + } + ciscopec = vend->vendorpec; + pre_auth_func = (pre_auth_f)find_export("pre_auth", 0, 0); post_auth_func = (post_auth_f)find_export("post_auth", 0, 0); if (!(pre_auth_func && post_auth_func)) { LOG(L_ERR, "auth_radius: This module requires auth 
module\n"); - return -3; + return -5; } + + INIT_AV(rh, attrs, vals, "auth_radius"); + + if (service_type != -1) + vals[V_SIP_SESSION].v = service_type; return 0; } Index: auth_radius/authrad_mod.h =================================================================== RCS file: /cvsroot/ser/sip_router/modules/auth_radius/authrad_mod.h,v retrieving revision 1.3 diff -d -u -d -u -r1.3 authrad_mod.h --- auth_radius/authrad_mod.h 2003/05/02 12:21:54 1.3 +++ auth_radius/authrad_mod.h 2003/12/08 21:50:08 @@ -37,6 +37,10 @@ #include "../auth/api.h" +extern struct attr attrs[]; +extern struct val vals[]; +extern void *rh; +extern int ciscopec; extern pre_auth_f pre_auth_func; extern post_auth_f post_auth_func; Index: auth_radius/dict.h =================================================================== RCS file: dict.h diff -N dict.h --- /tmp/cvs6n4eYg Mon Dec 8 22:50:08 2003 +++ /dev/null Tue Sep 4 15:27:29 2001 
@@ -1,66 +0,0 @@ -/* - * $Id: dict.h,v 1.1 2003/09/11 22:00:27 janakj Exp $ - * - * Digest Authentication - Radius support - * Definitions not found in radiusclient.h - * - * Copyright (C) 2001-2003 Fhg Fokus - * - * This file is part of ser, a free SIP server. - * - * ser is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version - * - * For a license to use the ser software under conditions - * other than those described here, or to purchase support for this - * software, please contact iptel.org by e-mail at the following addresses: - * info@iptel.org - * - * ser is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * History: - * ------- - * 2003-03-09: Based on ser_radius.h from radius_auth (janakj) - */ - -/* - * WARNING: Don't forget to update the dictionary if you update the file !!! 
- */ - -#ifndef DICT_H -#define DICT_H - -/* Service types */ -#define PW_CALL_CHECK 10 -#define PW_EMERGENCY_CALL 13 -#define PW_SIP_SESSION 15 - -/* Attributes*/ -#define PW_DIGEST_RESPONSE 206 /* string */ -#define PW_DIGEST_ATTRIBUTES 207 /* string */ - -#define PW_SIP_URI_USER 208 /* string */ -#define PW_SIP_RPID 213 /* string */ - -#define PW_DIGEST_REALM 1063 /* string */ -#define PW_DIGEST_NONCE 1064 /* string */ -#define PW_DIGEST_METHOD 1065 /* string */ -#define PW_DIGEST_URI 1066 /* string */ -#define PW_DIGEST_QOP 1067 /* string */ -#define PW_DIGEST_ALGORITHM 1068 /* string */ -#define PW_DIGEST_BODY_DIGEST 1069 /* string */ -#define PW_DIGEST_CNONCE 1070 /* string */ -#define PW_DIGEST_NONCE_COUNT 1071 /* string */ -#define PW_DIGEST_USER_NAME 1072 /* string */ - - -#endif /* DICT_H */ Index: auth_radius/sterman.c =================================================================== RCS file: /cvsroot/ser/sip_router/modules/auth_radius/sterman.c,v retrieving revision 1.7 diff -d -u -d -u -r1.7 sterman.c --- auth_radius/sterman.c 2003/09/11 22:00:27 1.7 +++ auth_radius/sterman.c 2003/12/08 21:50:08 @@ -32,11 +32,12 @@ */ +#include #include #include "../../mem/mem.h" #include "../../dprint.h" #include "../auth/api.h" -#include "dict.h" +#include "../../modules/acc/dict.h" #include "sterman.h" #include "authrad_mod.h" #include @@ -49,12 +50,12 @@ * which can be be used as a check item in the request. Service type of * the request is Authenticate-Only. */ -int radius_authorize_sterman(dig_cred_t* _cred, str* _method, str* _user, str* _rpid) +int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user, str* _rpid) { static char msg[4096]; VALUE_PAIR *send, *received, *vp; UINT4 service; - str method, user, user_name; + str method, user, user_name, callid; int i; send = received = 0; 
@@ -73,7 +74,7 @@ */ if (_cred->username.domain.len) { - if (!rc_avpair_add(&send, PW_USER_NAME, _cred->username.whole.s, _cred->username.whole.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_USER_NAME attribute\n"); rc_avpair_free(send); return -2; @@ -88,7 +89,7 @@ memcpy(user_name.s, _cred->username.whole.s, _cred->username.whole.len); user_name.s[_cred->username.whole.len] = '@'; memcpy(user_name.s + _cred->username.whole.len + 1, _cred->realm.s, _cred->realm.len); - if (!rc_avpair_add(&send, PW_USER_NAME, user_name.s, user_name.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_USER_NAME].v, user_name.s, user_name.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_USER_NAME attribute\n"); pkg_free(user_name.s); rc_avpair_free(send); 
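Review bot: The rewritten calls in sterman.c index the table with RADIUS codes, as in `attrs[PW_USER_NAME].v`, where acc.c in this same patch uses the slot constants, as in `attrs[A_USER_NAME].v`. The `PW_DIGEST_*`, `PW_SIP_URI_USER` and `PW_SIP_RPID` macros were defined in auth_radius/dict.h with values from 206 to 1072, and this patch deletes that file, so either these lines no longer compile or, if another header still supplies the names, they index far outside the 26-entry array. Each subscript should use the matching `A_*` constant, for example `rc_avpair_add(rh, &send, attrs[A_USER_NAME].v, ...)` and `rc_avpair_get(received, attrs[A_SIP_RPID].v, 0)`. The same substitution is needed in the hunks at old lines 88, 97, 129 and 170 of this file.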
@@ -97,29 +98,29 @@ pkg_free(user_name.s); } - if (!rc_avpair_add(&send, PW_DIGEST_USER_NAME, _cred->username.whole.s, _cred->username.whole.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_USER_NAME].v, _cred->username.whole.s, _cred->username.whole.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_USER_NAME attribute\n"); rc_avpair_free(send); return -5; } - if (!rc_avpair_add(&send, PW_DIGEST_REALM, _cred->realm.s, _cred->realm.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_REALM].v, _cred->realm.s, _cred->realm.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_REALM attribute\n"); rc_avpair_free(send); return -6; } - if (!rc_avpair_add(&send, PW_DIGEST_NONCE, _cred->nonce.s, _cred->nonce.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_NONCE].v, _cred->nonce.s, _cred->nonce.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE attribute\n"); rc_avpair_free(send); return -7; } - if (!rc_avpair_add(&send, PW_DIGEST_URI, _cred->uri.s, _cred->uri.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_URI].v, _cred->uri.s, _cred->uri.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_URI attribute\n"); rc_avpair_free(send); return -8; } - if (!rc_avpair_add(&send, PW_DIGEST_METHOD, method.s, method.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_METHOD].v, method.s, method.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_METHOD attribute\n"); rc_avpair_free(send); return -9; 
@@ -129,38 +130,38 @@ * Add the additional authentication fields according to the QOP. */ if (_cred->qop.qop_parsed == QOP_AUTH) { - if (!rc_avpair_add(&send, PW_DIGEST_QOP, "auth", 4)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_QOP].v, "auth", 4, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_QOP attribute\n"); rc_avpair_free(send); return -10; } - if (!rc_avpair_add(&send, PW_DIGEST_NONCE_COUNT, _cred->nc.s, _cred->nc.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_NONCE_COUNT].v, _cred->nc.s, _cred->nc.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE_COUNT attribute\n"); rc_avpair_free(send); return -11; } - if (!rc_avpair_add(&send, PW_DIGEST_CNONCE, _cred->cnonce.s, _cred->cnonce.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_CNONCE].v, _cred->cnonce.s, _cred->cnonce.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_CNONCE attribute\n"); rc_avpair_free(send); return -12; } } else if (_cred->qop.qop_parsed == QOP_AUTHINT) { - if (!rc_avpair_add(&send, PW_DIGEST_QOP, "auth-int", 8)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_QOP].v, "auth-int", 8, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_QOP attribute\n"); rc_avpair_free(send); return -13; } - if (!rc_avpair_add(&send, PW_DIGEST_NONCE_COUNT, _cred->nc.s, _cred->nc.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_NONCE_COUNT].v, _cred->nc.s, _cred->nc.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_NONCE_COUNT attribute\n"); rc_avpair_free(send); return -14; } - if (!rc_avpair_add(&send, PW_DIGEST_CNONCE, _cred->cnonce.s, _cred->cnonce.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_CNONCE].v, _cred->cnonce.s, _cred->cnonce.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_CNONCE attribute\n"); rc_avpair_free(send); return -15; } - if (!rc_avpair_add(&send, PW_DIGEST_BODY_DIGEST, _cred->opaque.s, _cred->opaque.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_BODY_DIGEST].v, _cred->opaque.s, 
_cred->opaque.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_BODY_DIGEST attribute\n"); rc_avpair_free(send); return -16; 
@@ -170,70 +171,57 @@ /* send nothing for qop == "" */ } - /* - * Now put everything place all the previous attributes into the - * PW_DIGEST_ATTRIBUTES - */ - - /* - * Fix up Digest-Attributes issues see draft-sterman-aaa-sip-00 - */ - for (vp = send; vp; vp = vp->next) { - switch (vp->attribute) { - default: - break; - - /* Fall thru the know values */ - case PW_DIGEST_REALM: - case PW_DIGEST_NONCE: - case PW_DIGEST_METHOD: - case PW_DIGEST_URI: - case PW_DIGEST_QOP: - case PW_DIGEST_ALGORITHM: - case PW_DIGEST_BODY_DIGEST: - case PW_DIGEST_CNONCE: - case PW_DIGEST_NONCE_COUNT: - case PW_DIGEST_USER_NAME: - - /* overlapping! */ - memmove(&vp->strvalue[2], &vp->strvalue[0], vp->lvalue); - vp->strvalue[0] = vp->attribute - PW_DIGEST_REALM + 1; - vp->lvalue += 2; - vp->strvalue[1] = vp->lvalue; - vp->attribute = PW_DIGEST_ATTRIBUTES; - break; - } - } - /* Add the response... What to calculate against... */ - if (!rc_avpair_add(&send, PW_DIGEST_RESPONSE, _cred->response.s, _cred->response.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_DIGEST_RESPONSE].v, _cred->response.s, _cred->response.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_DIGEST_RESPONSE attribute\n"); rc_avpair_free(send); return -17; } /* Indicate the service type, Authenticate only in our case */ - service = service_type; - if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) { + service = vals[V_SIP_SESSION].v; + if (!rc_avpair_add(rh, &send, attrs[PW_SERVICE_TYPE].v, &service, 0, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_SERVICE_TYPE attribute\n"); rc_avpair_free(send); return -18; } /* Add SIP URI as a check item */ - if (!rc_avpair_add(&send, PW_SIP_URI_USER, user.s, user.len)) { + if (!rc_avpair_add(rh, &send, attrs[PW_SIP_URI_USER].v, user.s, user.len, 0)) { LOG(L_ERR, "sterman(): Unable to add PW_SIP_URI_USER attribute\n"); rc_avpair_free(send); return -19; } - + + /* Add SIP Call-ID as a Cisco VSA, like IOS does */ + if (_msg->callid == NULL || _msg->callid->body.s == NULL) { + 
LOG(L_ERR, "sterman(): Call-ID is missed\n"); + rc_avpair_free(send); + return -20; + } + callid.len = _msg->callid->body.len + 8; + callid.s = alloca(callid.len); + if (callid.s == NULL) { + LOG(L_ERR, "sterman(): No memory left\n"); + rc_avpair_free(send); + return -21; + } + memcpy(callid.s, "call-id=", 8); + memcpy(callid.s + 8, _msg->callid->body.s, _msg->callid->body.len); + if (rc_avpair_add(rh, &send, attrs[A_CISCO_AVPAIR].v, callid.s, + callid.len, ciscopec) == 0) { + LOG(L_ERR, "sterman(): Unable to add Cisco-AVPair attribute\n"); + rc_avpair_free(send); + return -22; + } + /* Send request */ - if ((i = rc_auth(SIP_PORT, send, &received, msg)) == OK_RC) { + if ((i = rc_auth(rh, SIP_PORT, send, &received, msg)) == OK_RC) { DBG("radius_authorize_sterman(): Success\n"); rc_avpair_free(send); /* Make a copy of rpid if available */ - if ((vp = rc_avpair_get(received, PW_SIP_RPID))) { + if ((vp = rc_avpair_get(received, attrs[PW_SIP_RPID].v, 0))) { if (MAX_RPID_LEN < vp->lvalue) { LOG(L_ERR, "radius_authorize_sterman(): rpid buffer too small\n"); return -20; Index: auth_radius/sterman.h =================================================================== RCS file: /cvsroot/ser/sip_router/modules/auth_radius/sterman.h,v retrieving revision 1.3 diff -d -u -d -u -r1.3 sterman.h --- auth_radius/sterman.h 2003/04/28 22:04:33 1.3 +++ auth_radius/sterman.h 2003/12/08 21:50:08 @@ -45,6 +45,6 @@ * which can be be used as a check item in the request. Service type of * the request is Authenticate-Only. */ -int radius_authorize_sterman(dig_cred_t* _cred, str* _method, str* _user, str* _rpid); +int radius_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user, str* _rpid); #endif /* STERMAN_H */
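Review bot: `callid.s = alloca(callid.len);` sizes a stack allocation from the length of the Call-ID header of the incoming request, which the sender controls, and the `callid.s == NULL` test after it can never fire because alloca does not report failure. The function already releases `user_name.s` with `pkg_free`, so the same allocator fits here: `callid.s = pkg_malloc(callid.len);`, with `pkg_free(callid.s);` after the `rc_avpair_add` call and on its error path. A length check before the copy is also worth adding, since a RADIUS attribute value is limited to roughly 250 bytes and how `rc_avpair_add` treats a longer value is not visible here. The new `return -20` for a missing Call-ID duplicates the code already returned for the rpid buffer error further down in the hunk. radius_authorize_sterman starts outside the hunk.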