[OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Apr 8 15:17:30 CEST 2014
The public commit is on trunk only. If you wantto test it for other
versions, just get the patch via:
https://github.com/OpenSIPS/opensips/commit/0ba0bf059d67fa28e1b9b4f40d4af86db77f5593.patch
and apply it. If it works ok, I will do the backport to 1.11, 1.10 and 1.8
Thanks,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 08.04.2014 16:15, John Quick wrote:
>
> Bogdan,
>
>
> Are you able to say which releases of OpenSIPS this is valid for? I
> have been testing on 1.8.2, but I applied the changes manually up to now.
>
> John
>
> *From:*Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> *Sent:* 08 April 2014 14:06
> *To:* John Quick
> *Cc:* 'OpenSIPS users mailling list'
> *Subject:* Re: [OpenSIPS-Users] radius_send_auth returns Vendor
> Specific Attributes
>
> John,
>
> I made the change (with the param stuff). See trunk commit:
> https://github.com/OpenSIPS/opensips/commit/0ba0bf059d67fa28e1b9b4f40d4af86db77f5593
>
> Could you please have it tested so I can do the backport ?
>
> Thanks and regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 08.04.2014 13:11, Bogdan-Andrei Iancu wrote:
>
> Fair enough..... I will take care of it and push it as a fix for
> a logical bug.
>
> Thanks and regards,
>
> Bogdan
>
> Sent from Samsung Mobile
>
>
>
>
> Fair enough..... I will take care of it and push it as a fix for a logical bug.
>
>
>
> Thanks and regards,
>
> Bogdan
>
>
>
>
>
> Sent from Samsung Mobile
>
>
>
>
> <br><br>-------- Original message --------<br>From: John Quick<john.quick at smartvox.co.uk> <mailto:john.quick at smartvox.co.uk> <br>Date:08/04/2014 11:38 (GMT+01:00) <br>To: 'Bogdan-Andrei Iancu'<bogdan at opensips.org> <mailto:bogdan at opensips.org> <br>Cc: 'OpenSIPS users mailling list'<users at lists.opensips.org> <mailto:users at lists.opensips.org> <br>Subject: RE: [OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes <br><br>
>
>
>
> You could add a modparam option to make it keep working as before
> or in the
> new way, then set default for that parameter to "old way".
>
> John
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> Sent: 07 April 2014 23:00
> To: john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
> Cc: 'OpenSIPS users mailling list'
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
> Attributes
>
> I'm glad it works.
>
> I definitely think this must be pushed as bug fix (as it poses serious
> limitations) , but we need to be very careful to backward
> compatibility
> (which may be affected)...do you see any way nicely deal with this ?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 07.04.2014 18:22, John Quick wrote:
> > Bogdan,
> >
> > That seems to have fixed it. Thanks.
> >
> > John
> >
> >
> > -----Original Message-----
> > From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> > Sent: 04 April 2014 16:15
> > To: john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
> > Cc: 'OpenSIPS users mailling list'
> > Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
> Specific
> > Attributes
> >
> > Hi John,
> >
> > There was a small bug - please test this new attached patch (remove
> > the prev one).
> >
> > Regards,
> >
> > Bogdan-Andrei Iancu
> > OpenSIPS Founder and Developer
> > http://www.opensips-solutions.com
> >
> > On 04.04.2014 17:29, John Quick wrote:
> >> Hi Bogdan,
> >>
> >> From my initial testing, I think the inner while loop never
> terminates.
> >> Luckily I added a trap using an integer counter with a limit of 40
> >> iterations.
> >> What is it in the call to rc_avpair_get() that allows it to cycle
> >> through each instance with a matching name rather than just keep
> >> getting the first instance?
> >>
> >> John
> >>
> >>
> >> -----Original Message-----
> >> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> >> Sent: 03 April 2014 17:21
> >> To: john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
> >> Cc: 'OpenSIPS users mailling list'
> >> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
> >> Specific Attributes
> >>
> >> John - please try the attached patch, with all the disclaimers
> it was
> >> not tested :)
> >>
> >> Regards,
> >>
> >> Bogdan-Andrei Iancu
> >> OpenSIPS Founder and Developer
> >> http://www.opensips-solutions.com
> >>
> >> On 03.04.2014 19:13, John Quick wrote:
> >>> Hi Bogdan,
> >>>
> >>> If the variable is a var, at the moment you would only get the
> first
> >> value.
> >>> After modification, you would only get the last value. I agree
> this
> >>> is changed behaviour, but one case does not seem to me to be any
> >>> worse than the other. The advantage that multiple values *can* be
> >>> returned in an AVP seems to me to outweigh the risk of changed
> >>> behaviour on the next release of OpenSIPS. For me, it would be a
> >>> great advantage to be able to retrieve multiple values where
> this is
> >>> not
> > possible at the moment.
> >>> If you are able to send me the diff file (or simply a
> description)
> >>> for the changes, I would be happy to test it here.
> >>>
> >>> Thanks for responding.
> >>>
> >>> John
> >>>
> >>> -----Original Message-----
> >>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> >>> Sent: 03 April 2014 16:53
> >>> To: john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
> >>> Cc: 'OpenSIPS users mailling list'
> >>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
> >>> Specific Attributes
> >>>
> >>> John,
> >>>
> >>> We could do that (pushing back to OpenSIPS all values for that
> >>> RADIUS AVP), but it may be dangerous if you use on the
> OpenSIPS side
> >>> a variable that does not support multiple values - actually
> the AVPs
> >>> are the
> >> only one doing that.
> >>> Imagine the RADIUS reply returns multiple instances on an
> RADIUS AVP.
> >>> And you use a $var() variable to get the value - each value
> will be
> >>> pushed to that $var(), but as it can hold only one value, it will
> >>> keep being overwritten -> only last value will be actually
> available.
> >>> If this behavior is not a problem, we can fix the code and
> iterate
> >>> through the entire list of RADIUS AVP and get all instances.
> >>>
> >>> Regards,
> >>>
> >>> Bogdan-Andrei Iancu
> >>> OpenSIPS Founder and Developer
> >>> http://www.opensips-solutions.com
> >>>
> >>> On 02.04.2014 10:20, John Quick wrote:
> >>>> Bogdan,
> >>>>
> >>>> I was hoping to get all the values returned in 1 avp, the avp
> >>>> defined for Cisco-AVPairs in set2. This takes advantage of the
> >>>> ability of OpenSIPS avps to hold multiple indexed values and
> also
> >>>> means minimal changes to the documentation of the aaa_radius
> module.
> >>>> If you add a numeric index in the set definition, you must know
> >>>> which position the required attribute is in and it is even
> possible
> >>>> the server may return
> >>> them in a different order.
> >>>> Also, if you want to retrieve 10 values this makes the set2
> >>>> definition very big and clumsy. Adding an index in the set
> >>>> definition would only be a good solution if the index was a
> string
> >>>> identifying the Attribute name within Cisco-AVPairs.
> >>>>
> >>>> I would be very happy to test if you can show me what changes
> need
> >>>> to be made in the sources. I would have tried it already, but
> >>>> wasn't sure how to add multiple values to the avp.
> >>>>
> >>>> John
> >>>>
> >>>> -----Original Message-----
> >>>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> >>>> Sent: 01 April 2014 22:49
> >>>> To: john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
> >>>> Cc: 'OpenSIPS users mailling list'
> >>>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
> >>>> Specific Attributes
> >>>>
> >>>> John,
> >>>>
> >>>> I understand the issue and agree over the need of a solution.
> Two
> >>>> possible
> >>>> approaches:
> >>>> - return all the values for that radius AVP
> >>>> - include an index in the set definition - to say which
> >>>> instance of the radius AVP you are looking for
> >>>>
> >>>> Regards,
> >>>>
> >>>> Bogdan-Andrei Iancu
> >>>> OpenSIPS Founder and Developer
> >>>> http://www.opensips-solutions.com
> >>>>
> >>>> On 01.04.2014 21:29, John Quick wrote:
> >>>>> Hi Bogdan,
> >>>>>
> >>>>> Yes absolutely certain. I used Wireshark to check.
> >>>>>
> >>>>> I did make a little progress with this problem after finding
> some
> >>>>> info on the Internet.
> >>>>> The name that has to be used in set2 is "Cisco-AVPair". This
> >>>>> allows me to retrieve just one VSA value.
> >>>>> The *real* problem is that you cannot retrieve values 2, 3,
> 4, etc.
> >>>>> This is because multiple instances are returned using the
> same VSA.
> >>>>> They are all returned by the server in the attribute called
> >>>>> h323-ivr-in. I even found the code in the sources that
> retrieves them.
> >>>>> It loops through every instance in
> >>>>> set2 and looks for 1 matching value. So even if you add
> "Cisco-AVPair"
> >>>>> several times into set2 all you get is the first matching value
> >>>>> many
> >>>> times.
> >>>>> John
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> >>>>> Sent: 01 April 2014 19:15
> >>>>> To: john.quick at smartvox.co.uk
> <mailto:john.quick at smartvox.co.uk>; OpenSIPS users mailling list
> >>>>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
> >>>>> Specific Attributes
> >>>>>
> >>>>> Hi John,
> >>>>>
> >>>>> It may be a stupid question, but are you sure the AVP does
> exist
> >>>>> in the RADIUS reply ?
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Bogdan-Andrei Iancu
> >>>>> OpenSIPS Founder and Developer
> >>>>> http://www.opensips-solutions.com
> >>>>>
> >>>>> On 28.03.2014 13:23, John Quick wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> With help from this forum, I have just got radius_send_auth
> working.
> >>>>>> I needed some extra dictionaries including dictionary.cisco In
> >>>>>> that dictionary, there are vendor specific attributes like
> this:
> >>>>>> ATTRIBUTE h323-ivr-in 100 string
> >>>>>> Cisco
> >>>>>> ATTRIBUTE h323-credit-amount 101 string
> >>>>>> Cisco
> >>>>>>
> >>>>>> My Radius server returns some data using these VSA's. In
> >>>>>> particular, it returns many values using the same VSA -
> >>>>>> h323-ivr-in
> >>>>>>
> >>>>>> I am having trouble recovering the returned values using
> set2 of
> >>>>>> radius_send_auth Can anyone advise me how I should define
> set2 to
> >>>>>> get at these returned values? I have tried the following
> with no
> >>> success:
> >>>>>> modparam("aaa_radius", "sets", "set2 =
> >>>>>> (h323-return-code=$avp(retcode),
> >>>>>> h323-ivr-in=$avp(authretvals))")
> >>>>>>
> >>>>>> After the function is called, there are no values in
> >>>>>> $avp(authretvals)
> >>>>>>
> >>>>>> Thanks.
> >>>>>>
> >>>>>> John Quick
> >>>>>> Smartvox Limited
> >>>>>> Web: www.smartvox.co.uk <http://www.smartvox.co.uk>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Users mailing list
> >>>>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> >>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >>>>>>
> >>>>>>
> >>
> >
> >
>
>
>
>
>
>
> You could add a modparam option to make it keep working as before or in the
>
> new way, then set default for that parameter to "old way".
>
>
>
> John
>
>
>
> -----Original Message-----
>
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>
> Sent: 07 April 2014 23:00
>
> To:john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
>
> Cc: 'OpenSIPS users mailling list'
>
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
>
> Attributes
>
>
>
> I'm glad it works.
>
>
>
> I definitely think this must be pushed as bug fix (as it poses serious
>
> limitations) , but we need to be very careful to backward compatibility
>
> (which may be affected)...do you see any way nicely deal with this ?
>
>
>
> Regards,
>
>
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>
> http://www.opensips-solutions.com
>
>
>
> On 07.04.2014 18:22, John Quick wrote:
>
> Bogdan,
>
>
>
> That seems to have fixed it. Thanks.
>
>
>
> John
>
>
>
>
>
> -----Original Message-----
>
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>
> Sent: 04 April 2014 16:15
>
> To:john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
>
> Cc: 'OpenSIPS users mailling list'
>
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
>
> Attributes
>
>
>
> Hi John,
>
>
>
> There was a small bug - please test this new attached patch (remove
>
> the prev one).
>
>
>
> Regards,
>
>
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>
> http://www.opensips-solutions.com
>
>
>
> On 04.04.2014 17:29, John Quick wrote:
>
> Hi Bogdan,
>
>
>
> From my initial testing, I think the inner while loop never terminates.
>
> Luckily I added a trap using an integer counter with a limit of 40
>
> iterations.
>
> What is it in the call to rc_avpair_get() that allows it to cycle
>
> through each instance with a matching name rather than just keep
>
> getting the first instance?
>
>
>
> John
>
>
>
>
>
> -----Original Message-----
>
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>
> Sent: 03 April 2014 17:21
>
> To:john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
>
> Cc: 'OpenSIPS users mailling list'
>
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>
> Specific Attributes
>
>
>
> John - please try the attached patch, with all the disclaimers it was
>
> not tested :)
>
>
>
> Regards,
>
>
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>
> http://www.opensips-solutions.com
>
>
>
> On 03.04.2014 19:13, John Quick wrote:
>
> Hi Bogdan,
>
>
>
> If the variable is a var, at the moment you would only get the first
>
> value.
>
> After modification, you would only get the last value. I agree this
>
> is changed behaviour, but one case does not seem to me to be any
>
> worse than the other. The advantage that multiple values *can* be
>
> returned in an AVP seems to me to outweigh the risk of changed
>
> behaviour on the next release of OpenSIPS. For me, it would be a
>
> great advantage to be able to retrieve multiple values where this is
>
> not
>
> possible at the moment.
>
> If you are able to send me the diff file (or simply a description)
>
> for the changes, I would be happy to test it here.
>
>
>
> Thanks for responding.
>
>
>
> John
>
>
>
> -----Original Message-----
>
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>
> Sent: 03 April 2014 16:53
>
> To:john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
>
> Cc: 'OpenSIPS users mailling list'
>
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>
> Specific Attributes
>
>
>
> John,
>
>
>
> We could do that (pushing back to OpenSIPS all values for that
>
> RADIUS AVP), but it may be dangerous if you use on the OpenSIPS side
>
> a variable that does not support multiple values - actually the AVPs
>
> are the
>
> only one doing that.
>
> Imagine the RADIUS reply returns multiple instances on an RADIUS AVP.
>
> And you use a $var() variable to get the value - each value will be
>
> pushed to that $var(), but as it can hold only one value, it will
>
> keep being overwritten -> only last value will be actually available.
>
> If this behavior is not a problem, we can fix the code and iterate
>
> through the entire list of RADIUS AVP and get all instances.
>
>
>
> Regards,
>
>
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>
> http://www.opensips-solutions.com
>
>
>
> On 02.04.2014 10:20, John Quick wrote:
>
> Bogdan,
>
>
>
> I was hoping to get all the values returned in 1 avp, the avp
>
> defined for Cisco-AVPairs in set2. This takes advantage of the
>
> ability of OpenSIPS avps to hold multiple indexed values and also
>
> means minimal changes to the documentation of the aaa_radius module.
>
> If you add a numeric index in the set definition, you must know
>
> which position the required attribute is in and it is even possible
>
> the server may return
>
> them in a different order.
>
> Also, if you want to retrieve 10 values this makes the set2
>
> definition very big and clumsy. Adding an index in the set
>
> definition would only be a good solution if the index was a string
>
> identifying the Attribute name within Cisco-AVPairs.
>
>
>
> I would be very happy to test if you can show me what changes need
>
> to be made in the sources. I would have tried it already, but
>
> wasn't sure how to add multiple values to the avp.
>
>
>
> John
>
>
>
> -----Original Message-----
>
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>
> Sent: 01 April 2014 22:49
>
> To:john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>
>
> Cc: 'OpenSIPS users mailling list'
>
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>
> Specific Attributes
>
>
>
> John,
>
>
>
> I understand the issue and agree over the need of a solution. Two
>
> possible
>
> approaches:
>
> - return all the values for that radius AVP
>
> - include an index in the set definition - to say which
>
> instance of the radius AVP you are looking for
>
>
>
> Regards,
>
>
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>
> http://www.opensips-solutions.com
>
>
>
> On 01.04.2014 21:29, John Quick wrote:
>
> Hi Bogdan,
>
>
>
> Yes absolutely certain. I used Wireshark to check.
>
>
>
> I did make a little progress with this problem after finding some
>
> info on the Internet.
>
> The name that has to be used in set2 is "Cisco-AVPair". This
>
> allows me to retrieve just one VSA value.
>
> The *real* problem is that you cannot retrieve values 2, 3, 4, etc.
>
> This is because multiple instances are returned using the same VSA.
>
> They are all returned by the server in the attribute called
>
> h323-ivr-in. I even found the code in the sources that retrieves them.
>
> It loops through every instance in
>
> set2 and looks for 1 matching value. So even if you add "Cisco-AVPair"
>
> several times into set2 all you get is the first matching value
>
> many
>
> times.
>
> John
>
>
>
> -----Original Message-----
>
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>
> Sent: 01 April 2014 19:15
>
> To:john.quick at smartvox.co.uk <mailto:john.quick at smartvox.co.uk>; OpenSIPS users mailling list
>
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor
>
> Specific Attributes
>
>
>
> Hi John,
>
>
>
> It may be a stupid question, but are you sure the AVP does exist
>
> in the RADIUS reply ?
>
>
>
> Regards,
>
>
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>
> http://www.opensips-solutions.com
>
>
>
> On 28.03.2014 13:23, John Quick wrote:
>
> Hi,
>
>
>
> With help from this forum, I have just got radius_send_auth working.
>
> I needed some extra dictionaries including dictionary.cisco In
>
> that dictionary, there are vendor specific attributes like this:
>
> ATTRIBUTE h323-ivr-in 100 string
>
> Cisco
>
> ATTRIBUTE h323-credit-amount 101 string
>
> Cisco
>
>
>
> My Radius server returns some data using these VSA's. In
>
> particular, it returns many values using the same VSA -
>
> h323-ivr-in
>
>
>
> I am having trouble recovering the returned values using set2 of
>
> radius_send_auth Can anyone advise me how I should define set2 to
>
> get at these returned values? I have tried the following with no
>
> success:
>
> modparam("aaa_radius", "sets", "set2 =
>
> (h323-return-code=$avp(retcode),
>
> h323-ivr-in=$avp(authretvals))")
>
>
>
> After the function is called, there are no values in
>
> $avp(authretvals)
>
>
>
> Thanks.
>
>
>
> John Quick
>
> Smartvox Limited
>
> Web:www.smartvox.co.uk <http://www.smartvox.co.uk>
>
>
>
>
>
>
>
>
>
> _______________________________________________
>
> Users mailing list
>
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140408/5c7886da/attachment-0001.htm>
More information about the Users
mailing list