[OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes
John Quick
john.quick at smartvox.co.uk
Tue Apr 8 15:15:39 CEST 2014
Bogdan,
Are you able to say which releases of OpenSIPS this is valid for? I have been testing on 1.8.2, but I applied the changes manually up to now.
John
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 08 April 2014 14:06
To: John Quick
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes
John,
I made the change (with the param stuff). See trunk commit:
https://github.com/OpenSIPS/opensips/commit/0ba0bf059d67fa28e1b9b4f40d4af86db77f5593
Could you please have it tested so I can do the backport ?
Thanks and regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 08.04.2014 13:11, Bogdan-Andrei Iancu wrote:
Fair enough..... I will take care of it and push it as a fix for a logical bug.
Thanks and regards,
Bogdan
Sent from Samsung Mobile
Fair enough..... I will take care of it and push it as a fix for a logical bug.
Thanks and regards,
Bogdan
Sent from Samsung Mobile
<br><br>-------- Original message --------<br>From: John Quick <mailto:john.quick at smartvox.co.uk> <john.quick at smartvox.co.uk> <br>Date:08/04/2014 11:38 (GMT+01:00) <br>To: 'Bogdan-Andrei Iancu' <mailto:bogdan at opensips.org> <bogdan at opensips.org> <br>Cc: 'OpenSIPS users mailling list' <mailto:users at lists.opensips.org> <users at lists.opensips.org> <br>Subject: RE: [OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes <br><br>
You could add a modparam option to make it keep working as before or in the
new way, then set default for that parameter to "old way".
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 07 April 2014 23:00
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
Attributes
I'm glad it works.
I definitely think this must be pushed as bug fix (as it poses serious
limitations) , but we need to be very careful to backward compatibility
(which may be affected)...do you see any way nicely deal with this ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 07.04.2014 18:22, John Quick wrote:
> Bogdan,
>
> That seems to have fixed it. Thanks.
>
> John
>
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> Sent: 04 April 2014 16:15
> To: john.quick at smartvox.co.uk
> Cc: 'OpenSIPS users mailling list'
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
> Attributes
>
> Hi John,
>
> There was a small bug - please test this new attached patch (remove
> the prev one).
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 04.04.2014 17:29, John Quick wrote:
>> Hi Bogdan,
>>
>> From my initial testing, I think the inner while loop never terminates.
>> Luckily I added a trap using an integer counter with a limit of 40
>> iterations.
>> What is it in the call to rc_avpair_get() that allows it to cycle
>> through each instance with a matching name rather than just keep
>> getting the first instance?
>>
>> John
>>
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>> Sent: 03 April 2014 17:21
>> To: john.quick at smartvox.co.uk
>> Cc: 'OpenSIPS users mailling list'
>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>> Specific Attributes
>>
>> John - please try the attached patch, with all the disclaimers it was
>> not tested :)
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 03.04.2014 19:13, John Quick wrote:
>>> Hi Bogdan,
>>>
>>> If the variable is a var, at the moment you would only get the first
>> value.
>>> After modification, you would only get the last value. I agree this
>>> is changed behaviour, but one case does not seem to me to be any
>>> worse than the other. The advantage that multiple values *can* be
>>> returned in an AVP seems to me to outweigh the risk of changed
>>> behaviour on the next release of OpenSIPS. For me, it would be a
>>> great advantage to be able to retrieve multiple values where this is
>>> not
> possible at the moment.
>>> If you are able to send me the diff file (or simply a description)
>>> for the changes, I would be happy to test it here.
>>>
>>> Thanks for responding.
>>>
>>> John
>>>
>>> -----Original Message-----
>>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>>> Sent: 03 April 2014 16:53
>>> To: john.quick at smartvox.co.uk
>>> Cc: 'OpenSIPS users mailling list'
>>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>>> Specific Attributes
>>>
>>> John,
>>>
>>> We could do that (pushing back to OpenSIPS all values for that
>>> RADIUS AVP), but it may be dangerous if you use on the OpenSIPS side
>>> a variable that does not support multiple values - actually the AVPs
>>> are the
>> only one doing that.
>>> Imagine the RADIUS reply returns multiple instances on an RADIUS AVP.
>>> And you use a $var() variable to get the value - each value will be
>>> pushed to that $var(), but as it can hold only one value, it will
>>> keep being overwritten -> only last value will be actually available.
>>> If this behavior is not a problem, we can fix the code and iterate
>>> through the entire list of RADIUS AVP and get all instances.
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>> On 02.04.2014 10:20, John Quick wrote:
>>>> Bogdan,
>>>>
>>>> I was hoping to get all the values returned in 1 avp, the avp
>>>> defined for Cisco-AVPairs in set2. This takes advantage of the
>>>> ability of OpenSIPS avps to hold multiple indexed values and also
>>>> means minimal changes to the documentation of the aaa_radius module.
>>>> If you add a numeric index in the set definition, you must know
>>>> which position the required attribute is in and it is even possible
>>>> the server may return
>>> them in a different order.
>>>> Also, if you want to retrieve 10 values this makes the set2
>>>> definition very big and clumsy. Adding an index in the set
>>>> definition would only be a good solution if the index was a string
>>>> identifying the Attribute name within Cisco-AVPairs.
>>>>
>>>> I would be very happy to test if you can show me what changes need
>>>> to be made in the sources. I would have tried it already, but
>>>> wasn't sure how to add multiple values to the avp.
>>>>
>>>> John
>>>>
>>>> -----Original Message-----
>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>>>> Sent: 01 April 2014 22:49
>>>> To: john.quick at smartvox.co.uk
>>>> Cc: 'OpenSIPS users mailling list'
>>>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>>>> Specific Attributes
>>>>
>>>> John,
>>>>
>>>> I understand the issue and agree over the need of a solution. Two
>>>> possible
>>>> approaches:
>>>> - return all the values for that radius AVP
>>>> - include an index in the set definition - to say which
>>>> instance of the radius AVP you are looking for
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>> OpenSIPS Founder and Developer
>>>> http://www.opensips-solutions.com
>>>>
>>>> On 01.04.2014 21:29, John Quick wrote:
>>>>> Hi Bogdan,
>>>>>
>>>>> Yes absolutely certain. I used Wireshark to check.
>>>>>
>>>>> I did make a little progress with this problem after finding some
>>>>> info on the Internet.
>>>>> The name that has to be used in set2 is "Cisco-AVPair". This
>>>>> allows me to retrieve just one VSA value.
>>>>> The *real* problem is that you cannot retrieve values 2, 3, 4, etc.
>>>>> This is because multiple instances are returned using the same VSA.
>>>>> They are all returned by the server in the attribute called
>>>>> h323-ivr-in. I even found the code in the sources that retrieves them.
>>>>> It loops through every instance in
>>>>> set2 and looks for 1 matching value. So even if you add "Cisco-AVPair"
>>>>> several times into set2 all you get is the first matching value
>>>>> many
>>>> times.
>>>>> John
>>>>>
>>>>> -----Original Message-----
>>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>>>>> Sent: 01 April 2014 19:15
>>>>> To: john.quick at smartvox.co.uk; OpenSIPS users mailling list
>>>>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>>>>> Specific Attributes
>>>>>
>>>>> Hi John,
>>>>>
>>>>> It may be a stupid question, but are you sure the AVP does exist
>>>>> in the RADIUS reply ?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developer
>>>>> http://www.opensips-solutions.com
>>>>>
>>>>> On 28.03.2014 13:23, John Quick wrote:
>>>>>> Hi,
>>>>>>
>>>>>> With help from this forum, I have just got radius_send_auth working.
>>>>>> I needed some extra dictionaries including dictionary.cisco In
>>>>>> that dictionary, there are vendor specific attributes like this:
>>>>>> ATTRIBUTE h323-ivr-in 100 string
>>>>>> Cisco
>>>>>> ATTRIBUTE h323-credit-amount 101 string
>>>>>> Cisco
>>>>>>
>>>>>> My Radius server returns some data using these VSA's. In
>>>>>> particular, it returns many values using the same VSA -
>>>>>> h323-ivr-in
>>>>>>
>>>>>> I am having trouble recovering the returned values using set2 of
>>>>>> radius_send_auth Can anyone advise me how I should define set2 to
>>>>>> get at these returned values? I have tried the following with no
>>> success:
>>>>>> modparam("aaa_radius", "sets", "set2 =
>>>>>> (h323-return-code=$avp(retcode),
>>>>>> h323-ivr-in=$avp(authretvals))")
>>>>>>
>>>>>> After the function is called, there are no values in
>>>>>> $avp(authretvals)
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> John Quick
>>>>>> Smartvox Limited
>>>>>> Web: www.smartvox.co.uk
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opensips.org
>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>
>
>
You could add a modparam option to make it keep working as before or in the
new way, then set default for that parameter to "old way".
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 07 April 2014 23:00
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
Attributes
I'm glad it works.
I definitely think this must be pushed as bug fix (as it poses serious
limitations) , but we need to be very careful to backward compatibility
(which may be affected)...do you see any way nicely deal with this ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 07.04.2014 18:22, John Quick wrote:
Bogdan,
That seems to have fixed it. Thanks.
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 04 April 2014 16:15
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
Attributes
Hi John,
There was a small bug - please test this new attached patch (remove
the prev one).
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 04.04.2014 17:29, John Quick wrote:
Hi Bogdan,
From my initial testing, I think the inner while loop never terminates.
Luckily I added a trap using an integer counter with a limit of 40
iterations.
What is it in the call to rc_avpair_get() that allows it to cycle
through each instance with a matching name rather than just keep
getting the first instance?
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 03 April 2014 17:21
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
Specific Attributes
John - please try the attached patch, with all the disclaimers it was
not tested :)
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 03.04.2014 19:13, John Quick wrote:
Hi Bogdan,
If the variable is a var, at the moment you would only get the first
value.
After modification, you would only get the last value. I agree this
is changed behaviour, but one case does not seem to me to be any
worse than the other. The advantage that multiple values *can* be
returned in an AVP seems to me to outweigh the risk of changed
behaviour on the next release of OpenSIPS. For me, it would be a
great advantage to be able to retrieve multiple values where this is
not
possible at the moment.
If you are able to send me the diff file (or simply a description)
for the changes, I would be happy to test it here.
Thanks for responding.
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 03 April 2014 16:53
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
Specific Attributes
John,
We could do that (pushing back to OpenSIPS all values for that
RADIUS AVP), but it may be dangerous if you use on the OpenSIPS side
a variable that does not support multiple values - actually the AVPs
are the
only one doing that.
Imagine the RADIUS reply returns multiple instances on an RADIUS AVP.
And you use a $var() variable to get the value - each value will be
pushed to that $var(), but as it can hold only one value, it will
keep being overwritten -> only last value will be actually available.
If this behavior is not a problem, we can fix the code and iterate
through the entire list of RADIUS AVP and get all instances.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 02.04.2014 10:20, John Quick wrote:
Bogdan,
I was hoping to get all the values returned in 1 avp, the avp
defined for Cisco-AVPairs in set2. This takes advantage of the
ability of OpenSIPS avps to hold multiple indexed values and also
means minimal changes to the documentation of the aaa_radius module.
If you add a numeric index in the set definition, you must know
which position the required attribute is in and it is even possible
the server may return
them in a different order.
Also, if you want to retrieve 10 values this makes the set2
definition very big and clumsy. Adding an index in the set
definition would only be a good solution if the index was a string
identifying the Attribute name within Cisco-AVPairs.
I would be very happy to test if you can show me what changes need
to be made in the sources. I would have tried it already, but
wasn't sure how to add multiple values to the avp.
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 01 April 2014 22:49
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
Specific Attributes
John,
I understand the issue and agree over the need of a solution. Two
possible
approaches:
- return all the values for that radius AVP
- include an index in the set definition - to say which
instance of the radius AVP you are looking for
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 01.04.2014 21:29, John Quick wrote:
Hi Bogdan,
Yes absolutely certain. I used Wireshark to check.
I did make a little progress with this problem after finding some
info on the Internet.
The name that has to be used in set2 is "Cisco-AVPair". This
allows me to retrieve just one VSA value.
The *real* problem is that you cannot retrieve values 2, 3, 4, etc.
This is because multiple instances are returned using the same VSA.
They are all returned by the server in the attribute called
h323-ivr-in. I even found the code in the sources that retrieves them.
It loops through every instance in
set2 and looks for 1 matching value. So even if you add "Cisco-AVPair"
several times into set2 all you get is the first matching value
many
times.
John
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
Sent: 01 April 2014 19:15
To: john.quick at smartvox.co.uk; OpenSIPS users mailling list
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
Specific Attributes
Hi John,
It may be a stupid question, but are you sure the AVP does exist
in the RADIUS reply ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 28.03.2014 13:23, John Quick wrote:
Hi,
With help from this forum, I have just got radius_send_auth working.
I needed some extra dictionaries including dictionary.cisco In
that dictionary, there are vendor specific attributes like this:
ATTRIBUTE h323-ivr-in 100 string
Cisco
ATTRIBUTE h323-credit-amount 101 string
Cisco
My Radius server returns some data using these VSA's. In
particular, it returns many values using the same VSA -
h323-ivr-in
I am having trouble recovering the returned values using set2 of
radius_send_auth Can anyone advise me how I should define set2 to
get at these returned values? I have tried the following with no
success:
modparam("aaa_radius", "sets", "set2 =
(h323-return-code=$avp(retcode),
h323-ivr-in=$avp(authretvals))")
After the function is called, there are no values in
$avp(authretvals)
Thanks.
John Quick
Smartvox Limited
Web: www.smartvox.co.uk
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140408/3945aba7/attachment-0001.htm>
More information about the Users
mailing list