Alvarion attributes Re: (no subject)

Thu Jul 13 23:14:38 CEST 2006

"Robert Dukes" <rbdukes at gmail.com> wrote:
> This really sucks :) We invested so much into the gear here as our project
> is funding by caring people. So there is no way to get this done ah ????

  Try the patch below, which should work in 1.1.x.

    No guarantees... it just compiles, and I haven't tested it.
You'll also have to create a dictionary, but I leave that part up to
you.

  Alan DeKok.

Index: src/include/libradius.h
===================================================================
RCS file: /source/radiusd/src/include/libradius.h,v
retrieving revision 1.76.2.2.2.9
diff -u -r1.76.2.2.2.9 libradius.h

--- src/include/libradius.h	15 Jun 2006 21:47:14 -0000	1.76.2.2.2.9
+++ src/include/libradius.h	13 Jul 2006 21:22:18 -0000
@@ -65,12 +65,13 @@
 #define CHAP_VALUE_LENGTH       16
 #define MAX_STRING_LEN		254	/* RFC2138: string 0-253 octets */
 
+#  define VENDOR(x)		((x >> 16) & 0xffff)
+
 #ifdef _LIBRADIUS
 #  define AUTH_HDR_LEN		20
 #  define VENDORPEC_USR		429
 #define VENDORPEC_LUCENT	4846
 #define VENDORPEC_STARENT	8164
-#  define VENDOR(x)		((x >> 16) & 0xffff)
 #  define DEBUG			if (librad_debug) printf
 #  define debug_pair(vp)	do { if (librad_debug) { \
 					putchar('\t'); \
Index: src/modules/rlm_preprocess/rlm_preprocess.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v
retrieving revision 1.52.2.1.2.1
diff -u -r1.52.2.1.2.1 rlm_preprocess.c
--- src/modules/rlm_preprocess/rlm_preprocess.c	5 May 2006 17:31:53 -0000	1.52.2.1.2.1
+++ src/modules/rlm_preprocess/rlm_preprocess.c	13 Jul 2006 21:22:18 -0000
@@ -48,6 +48,7 @@
 	int		with_ntdomain_hack;
 	int		with_specialix_jetstream_hack;
 	int		with_cisco_vsa_hack;
+	int		with_alvarion_vsa_hack;
 } rlm_preprocess_t;
 
 static CONF_PARSER module_config[] = {
@@ -69,6 +70,8 @@
 	  "no" },
 	{ "with_cisco_vsa_hack",        PW_TYPE_BOOLEAN,
 	  offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, "no" },
+	{ "with_alvarion_vsa_hack",        PW_TYPE_BOOLEAN,
+	  offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, "no" },
 
 	{ NULL, -1, 0, NULL, NULL }
 };
@@ -115,7 +118,7 @@
 	char		newattr[MAX_STRING_LEN];
 
 	for ( ; vp != NULL; vp = vp->next) {
-		vendorcode = (vp->attribute >> 16); /* HACK! */
+		vendorcode = VENDOR(vp->attribute);
 		if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* not a Cisco or Quintum VSA, continue */
 
 		if (vp->type != PW_TYPE_STRING) continue;
@@ -170,6 +173,26 @@
 	}
 }
 
+
+/*
+ *	Don't even ask what this is doing...
+ */
+static void alvarion_vsa_hack(VALUE_PAIR *vp)
+{
+	int		vendorcode;
+	int		number = 1;
+
+	for ( ; vp != NULL; vp = vp->next) {
+		vendorcode = VENDOR(vp->attribute);
+		if (vendorcode != 12394) continue;
+		if (vp->type != PW_TYPE_STRING) continue;
+
+		vp->attribute = number | (12394 << 16);
+		snprintf(vp->name, sizeof(vp->name),
+			 "Breezecom-Attr%d", number++);
+	}
+}
+
 /*
  *	Mangle username if needed, IN PLACE.
  */
@@ -515,6 +538,14 @@
 		cisco_vsa_hack(request->packet->vps);
 	}
 
+	if (data->with_alvarion_vsa_hack) {
+	 	/*
+		 *	We need to run this hack because the Alvarion
+		 *	people are crazy.
+		 */
+		alvarion_vsa_hack(request->packet->vps);
+	}
+
 	/*
 	 *	Note that we add the Request-Src-IP-Address to the request
 	 *	structure BEFORE checking huntgroup access.  This allows


