Hello,
First, radius_auth module is currently being heavily refurbished. We
will include the new version in the upcomming release.
On 03-03 16:51, Bjoern Zuelch wrote:
Hi all,
i have found some probs with the radius_auth module in ser.
the ane in the function authorize() in file authorize.c :
when calling the function check_nonce this function returns always that the
two nonce's (given and new generated one are not the same. But if we compare
the two nonce's manually both are the same. I replaced the memcmp function
with the strcmp funtion,but nothings changes. So there is may a missing \0
at the end of the strings.
Most of the code in ser doesn't use zero terminated strings, we store
length of strings in separate variable.
Next problem is in the function check_response:
On Solaris we have no freeradiusd ,so I replaced it through
radius_authorize(...).
If the function radius_authorize is called, the radiusmessage will be
created through calling the function rc_avpair_add(...). All is fine if it
will be standard radius-attributes. when the first sip-specific attribute is
comming the rc_avpair_add funtions returns -1. I followed this problem and
find out that in the radiusclient-lib. in function
rc_avpair_assign(avpair.c)/rc_avpair_new(avpair.c) only attributes of the
types PW_TYPE_STRING, PW_TYPE_DATE, PW_TYPE_INTEGER, PW_TYPE_IPADDR are
reccognised. If a PW_SIP_USER_ID attribute or other specific Sip attributes
will be added to the radiusmessage, this function returns with error message
"UNKNOWN ATTIBUTE TYPE" and no radius-authentification is done....
....
RADIUS: rc_avpair_new MALLOC erfolgreich
RADIUS: rc_avpair_assign type=0
RADIUS rc_avpair_assign result=0
RADIUS: rc_avpair_new unknown attribute 110
RADIUS: VALUEPAIR insert fehgeschlagen.!!!
check_cred(): returnvalue of radius_authorize()=-1
....
One possibility is that, I add the PW_SIP_* attributes to the radiusclient
and look, if it run.
The next Problem may be, that the radius server does not understand the sip
specific attributes, if we not use freeradius.
Yes, if you will have to extend the server's dictionary if it doesn't
support SIP specific attributes.
regards, Jan.
Gruß Bjoern
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers