Thanks, Arran. I have to confess I’ve hit a wall in my expertise and can’t figure out how to make your regex model work for cases where there are more than one Attr-255 in the request. I got it working on the first (or nth) one fine but can’t seem to get it to run for each instance of the attribute. Have I misunderstood something? Thanks, Ben On 2 Jan 2015, at 18:44, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
In master the destination of an update section can now be specified using an xlat:
authorize { update request { BroadSoft-Attr-255 += '250=123456' BroadSoft-Attr-255 += '260=false' }
foreach &BroadSoft-Attr-255 { if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { update request { "%{vendor:Broadsoft-Attr-255}-Attr-%{1}" += "%{2}" } } }
update { Tmp-String-0 := "%{debug_attr:request:}" } }
(1) update request { (1) BroadSoft-Attr-255 += '250=123456' (1) BroadSoft-Attr-255 += '260=false' (1) } # update request = noop (1) foreach &BroadSoft-Attr-255 (1) # Foreach-Variable-0 = "250=123456" (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) EXPAND Foreach-Variable-0 (1) --> 250=123456 (1) EXPAND %{Foreach-Variable-0} (1) --> 250=123456 (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) update request { (1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1} (1) --> BroadSoft-Attr-250 (1) EXPAND %{2} (1) --> 123456 (1) BroadSoft-Attr-250 += "123456" (1) } # update request = noop (1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop (1) # Foreach-Variable-0 = "260=false" (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) EXPAND Foreach-Variable-0 (1) --> 260=false (1) EXPAND %{Foreach-Variable-0} (1) --> 260=false (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) update request { (1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1} (1) --> BroadSoft-Attr-260 (1) EXPAND %{2} (1) --> false (1) BroadSoft-Attr-260 += "false" (1) } # update request = noop (1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop (1) } # foreach &BroadSoft-Attr-255 = noop (1) update { (1) Attributes matching "request:" (1) &request:User-Name = foo (1) &request:User-Password = bar (1) &request:NAS-IP-Address = 127.0.0.1 (1) &request:NAS-Port = 0 (1) &request:Message-Authenticator = 0x16c9d85342f767d7ebc5332ba54e9156 (1) &request:BroadSoft-Attr-255 += 250=123456 (1) &request:BroadSoft-Attr-255 += 260=false (1) &request:BWAS-Call-Center-Forced-Forwarding-Act-Result += 123456 (1) &request:BWAS-CB-Deactivation-Fac-Result += false (1) EXPAND %{debug_attr:request:} (1) --> (1) Tmp-String-0 := "" (1) } # update = noop (1) } # authorize = noop
Lots of changes though, and relaxation of allowed attribute number ranges for VSAs so probably not a good idea to merge it in to v3.0.x.
Hopefully we can fix foreach to provide full attribute references with &Foreach-Variable-N, instead of just the string value.
Then re-encoding for proxying would be fairly trivial:
update request { BroadSoft-Attr-255 !* ANY }
foreach &request: { if (("%{vendor:&Foreach-Variable-0}" == 'BroadSoft') && ("%{attr_num:&Foreach-Variable-0}" > 255)) { update { Broadsoft-Attr-255 += "%{attr_num:&Foreach-Variable-0}=%{Foreach-Variable-0}" } } }
Same would work for Cisco-AVPairs. Decode/Encode process could be wrapped in some policies shipped with the server.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html