<!-- Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for bug reports.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
If there is no content to be filled in a section, the entire section can be removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment). -->
### Description
I've been trying to setup kamailio with the latest freeradius-client. I've been using the docker image `kamailio/kamailio:5.3.1-jessie` adding the freeradius-client (latest github pool).
However it seems that kamailio cannot create a proper radius request and fails with error `3(9) ERROR: auth_radius [sterman.c:264]: radius_authorize_sterman(): unable to add User-Name attribute`
### Troubleshooting
#### Reproduction
Install freeradius-client
``` git clone https://github.com/FreeRADIUS/freeradius-client.git \ && cd freeradius-client/ \ && ./configure \ && make \ && make install ```
Modify the `/usr/local/etc/radiusclient/dictionary` and append the following lines
``` $INCLUDE /etc/radiusclient/dictionary.sip $INCLUDE /etc/radiusclient/dictionary.kamailio # https://github.com/kamailio/kamailio/blob/master/src/modules/auth_radius/cfg... ```
Configure auth_radius
``` loadmodule "auth_radius.so" loadmodule "misc_radius.so"
modparam("auth_radius|misc_radius", "radius_config", "/usr/local/etc/radiusclient/radiusclient.conf") ```
#### Debugging Data
I've went on the tried to debug the issue from the freeradius-client's point of view since it was easier to compile and iterate, and I've added various logs here and there to try and figure out what was wrong. From what I've seen, kamailio invokes `INIT_AV` to setup the `attrs` dictionary containing the dictionary attributes and matching values.
https://github.com/kamailio/kamailio/blob/360e012d9d93c80b62b6e75bfac6e33404...
I've traced the `rc_dict_findattr` and it seems that the library properly returns `User-Name` attribute with value `1`.
However in the `radius_authorize_sterman` function
https://github.com/kamailio/kamailio/blob/360e012d9d93c80b62b6e75bfac6e33404...
the application tries to add the AVPs by invoking `rc_avpair_add` and passing `attr[...].v` value. I've logged the `rc_avpair_add` parameters passed and it seems that `attr[...].v` is not 1 as expected but 0, thus failing since 0 is an invalid attribute code.
I modified freeradius-client to replace `attrid` with 1 if it were a 0 as a test, and it seems that all calls to `rc_avpair_add` by sterman.c are passing 0 as attribute value leading to a radius message like:
``` (0) User-Name = "test@localhost" (0) User-Name = "test" (0) User-Name = "localhost" (0) User-Name = "X3q5AV96t9WlJ5ZnoFFQQq/ftg7u+Mx5KRxYYIA=" (0) User-Name = "sip:localhost" (0) User-Name = "REGISTER" (0) User-Name = "bc6c2152d2e068e16f76188d69e66340" (0) User-Name = "\017" (0) User-Name = "test" (0) NAS-Port = 5060 (0) NAS-IP-Address = 10.10.10.4 ```
(As you can see pretty much all attributes are replaced by User-Name)
It looks like `attrs` dictionary although initialized at `mod_init`, at a later stage is somehow corrupted or reset.
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
``` version: kamailio 5.3.1 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled with gcc 4.9.2 ```
* **Operating System**:
<!-- Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...; Kernel details (output of `uname -a`) -->
``` Linux bea2be591c38 4.19.76-linuxkit #1 SMP Tue May 26 11:42:35 UTC 2020 x86_64 GNU/Linux ```
This is tested on a docker installation using `kamailio/kamailio:5.3.1-jessie`
For debian the libradcli-dev has to be used, not freeradius-client. That's my understanding from build options of debian packages and what I use to compile the modules for static analysis. Otherwise, I do not use the radius modules myself.
If you need support for freeradius on debian, likely you have do to some development (either in the c code or in the makefiles).
For now, I mark this as an enhancement. If nobody comments soon about taking over implementing it, then it will be closed.
If using radcli makes problems, probably is better to ask on sr-users mailing list to sort out the proper configuration options. If afterall proves to be an issue in the code, then a new issue can be opened to reflect the problem with radcli.
looks as on Debian dist `freeradius-client` not present https://packages.debian.org/search?keywords=freeradius-client
So need to compile this lib by-self.
When you complete this task you can use this compile options to use freeradius-client. https://github.com/kamailio/kamailio/blob/master/pkg/kamailio/obs/kamailio.s...
I've noticed that freeradius-client was missing so I created a new Dockerfile to handle this like so:
``` FROM kamailio/kamailio:5.3.1-jessie
RUN apt-get update RUN apt-get install -y --no-install-recommends ca-certificates build-essential git python python-pip python-setuptools file pkg-config
RUN cd /usr/local/src \ && git clone https://github.com/FreeRADIUS/freeradius-client.git \ && cd freeradius-client/ \ && ./configure \ && make \ && make install
RUN ldconfig
EXPOSE 5060
ENTRYPOINT ["kamailio", "-DD", "-E"] ```
Running ldd on the auth_radius.so module afterwards, states:
``` root@bea2be591c38:/usr/lib/x86_64-linux-gnu/kamailio/modules# ldd auth_radius.so linux-vdso.so.1 (0x00007ffc503e5000) libfreeradius-client.so.2 => /usr/local/lib/libfreeradius-client.so.2 (0x00007faf7559e000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007faf751f3000) libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007faf74fbc000) libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1 (0x00007faf74da4000) /lib64/ld-linux-x86-64.so.2 (0x00007faf759c4000) ```
I am currently trying to build the auth_radius.so manually and see if something changes. I am currently getting a implicit declaration warning about `VENDOR()` which I am guess comes from `radcli`, although I explicitly run `FREERADIUS=1 make`
To use freeradius-client required special build options (on CentOS). The example provided above.
Ok, so an update, in order for auth_radius to work with freeradius-client `VENDOR()` must be defined in the headers.
Currently `VENDOR()` is being defined in the radcli library as `#define VENDOR(x) (((x) >> 16) & 0xffff)`(https://github.com/radcli/radcli/blob/f0d1a1704595d62182d6a03c980ed07e906374...) but is missing from freeradius-client.
By adding the line in `misc_radius/radius.h` there are no more implicit declarations and the module is compiled properly by using `FREERADIUS=1 make`, and properly works (headers are being added with the right attribute codes).
I think that the proper place to add the VENDOR definition is here:
https://github.com/kamailio/kamailio/blob/e8ce5cff74c3d53df361e42746bb4a7c1f...
@twmobius Thanks for the additional information. Could you maybe create a pull request for this change, preferable with an #ifdef that its enabled if needed? Then we can review it and integrate it to the code.
@henningw there you go :)
The pull request has been merged, so close this issue. Re-open if necessary.
Closed #2496.
-
Daniel-Constantin Mierla -
Henning Westerholt
-
Paris
-
sergey-safarov