[OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Apr 3 18:20:43 CEST 2014


John - please try the attached patch, with all the disclaimers it was 
not tested :)

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 03.04.2014 19:13, John Quick wrote:
> Hi Bogdan,
>
> If the variable is a var, at the moment you would only get the first value.
> After modification, you would only get the last value. I agree this is
> changed behaviour, but one case does not seem to me to be any worse than the
> other. The advantage that multiple values *can* be returned in an AVP seems
> to me to outweigh the risk of changed behaviour on the next release of
> OpenSIPS. For me, it would be a great advantage to be able to retrieve
> multiple values where this is not possible at the moment.
>
> If you are able to send me the diff file (or simply a description) for the
> changes, I would be happy to test it here.
>
> Thanks for responding.
>
> John
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> Sent: 03 April 2014 16:53
> To: john.quick at smartvox.co.uk
> Cc: 'OpenSIPS users mailling list'
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
> Attributes
>
> John,
>
> We could do that (pushing back to OpenSIPS all values for that RADIUS AVP),
> but it may be dangerous if you use on the OpenSIPS side a variable that does
> not support multiple values - actually the AVPs are the only one doing that.
>
> Imagine the RADIUS reply returns multiple instances on an RADIUS AVP.
> And you use a $var() variable to get the value - each value will be pushed
> to that $var(), but as it can hold only one value, it will keep being
> overwritten -> only last value will be actually available.
> If this behavior is not a problem, we can fix the code and iterate through
> the entire list of RADIUS AVP and get all instances.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 02.04.2014 10:20, John Quick wrote:
>> Bogdan,
>>
>> I was hoping to get all the values returned in 1 avp, the avp defined
>> for Cisco-AVPairs in set2. This takes advantage of the ability of
>> OpenSIPS avps to hold multiple indexed values and also means minimal
>> changes to the documentation of the aaa_radius module. If you add a
>> numeric index in the set definition, you must know which position the
>> required attribute is in and it is even possible the server may return
> them in a different order.
>> Also, if you want to retrieve 10 values this makes the set2 definition
>> very big and clumsy. Adding an index in the set definition would only
>> be a good solution if the index was a string identifying the Attribute
>> name within Cisco-AVPairs.
>>
>> I would be very happy to test if you can show me what changes need to
>> be made in the sources. I would have tried it already, but wasn't sure
>> how to add multiple values to the avp.
>>
>> John
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>> Sent: 01 April 2014 22:49
>> To: john.quick at smartvox.co.uk
>> Cc: 'OpenSIPS users mailling list'
>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
>> Attributes
>>
>> John,
>>
>> I understand the issue and agree over the need of a solution. Two
>> possible
>> approaches:
>>        - return all the values for that radius AVP
>>        - include an index in the set definition - to say which instance
>> of the radius AVP you are looking for
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 01.04.2014 21:29, John Quick wrote:
>>> Hi Bogdan,
>>>
>>> Yes absolutely certain. I used Wireshark to check.
>>>
>>> I did make a little progress with this problem after finding some
>>> info on the Internet.
>>> The name that has to be used in set2 is "Cisco-AVPair". This allows
>>> me to retrieve just one VSA value.
>>> The *real* problem is that you cannot retrieve values 2, 3, 4, etc.
>>> This is because multiple instances are returned using the same VSA.
>>> They are all returned by the server in the attribute called
>>> h323-ivr-in. I even found the code in the sources that retrieves them.
>>> It loops through every instance in
>>> set2 and looks for 1 matching value. So even if you add "Cisco-AVPair"
>>> several times into set2 all you get is the first matching value many
>> times.
>>> John
>>>
>>> -----Original Message-----
>>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>>> Sent: 01 April 2014 19:15
>>> To: john.quick at smartvox.co.uk; OpenSIPS users mailling list
>>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>>> Specific Attributes
>>>
>>> Hi John,
>>>
>>> It may be a stupid question, but are you sure the AVP does exist in
>>> the RADIUS reply ?
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>> On 28.03.2014 13:23, John Quick wrote:
>>>> Hi,
>>>>
>>>> With help from this forum, I have just got radius_send_auth working.
>>>> I needed some extra dictionaries including dictionary.cisco In that
>>>> dictionary, there are vendor specific attributes like this:
>>>> ATTRIBUTE       h323-ivr-in                     100     string
>>>> Cisco
>>>> ATTRIBUTE       h323-credit-amount              101     string
>>>> Cisco
>>>>
>>>> My Radius server returns some data using these VSA's. In particular,
>>>> it returns many values using the same VSA - h323-ivr-in
>>>>
>>>> I am having trouble recovering the returned values using set2 of
>>>> radius_send_auth Can anyone advise me how I should define set2 to
>>>> get at these returned values? I have tried the following with no
> success:
>>>> modparam("aaa_radius", "sets", "set2 =
>>>> (h323-return-code=$avp(retcode),
>>>> h323-ivr-in=$avp(authretvals))")
>>>>
>>>> After the function is called, there are no values in
>>>> $avp(authretvals)
>>>>
>>>> Thanks.
>>>>
>>>> John Quick
>>>> Smartvox Limited
>>>> Web: www.smartvox.co.uk
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: aaa_radius.patch
Type: text/x-patch
Size: 902 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20140403/b981eb3b/attachment-0001.bin>


More information about the Users mailing list