VSA Processing embedded values
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Jan 2 19:44:35 CET 2015
In master the destination of an update section can now be specified using an xlat:
authorize {
update request {
BroadSoft-Attr-255 += '250=123456'
BroadSoft-Attr-255 += '260=false'
}
foreach &BroadSoft-Attr-255 {
if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
update request {
"%{vendor:Broadsoft-Attr-255}-Attr-%{1}" += "%{2}"
}
}
}
update {
Tmp-String-0 := "%{debug_attr:request:}"
}
}
(1) update request {
(1) BroadSoft-Attr-255 += '250=123456'
(1) BroadSoft-Attr-255 += '260=false'
(1) } # update request = noop
(1) foreach &BroadSoft-Attr-255
(1) # Foreach-Variable-0 = "250=123456"
(1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
(1) EXPAND Foreach-Variable-0
(1) --> 250=123456
(1) EXPAND %{Foreach-Variable-0}
(1) --> 250=123456
(1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE
(1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
(1) update request {
(1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1}
(1) --> BroadSoft-Attr-250
(1) EXPAND %{2}
(1) --> 123456
(1) BroadSoft-Attr-250 += "123456"
(1) } # update request = noop
(1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop
(1) # Foreach-Variable-0 = "260=false"
(1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
(1) EXPAND Foreach-Variable-0
(1) --> 260=false
(1) EXPAND %{Foreach-Variable-0}
(1) --> 260=false
(1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE
(1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
(1) update request {
(1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1}
(1) --> BroadSoft-Attr-260
(1) EXPAND %{2}
(1) --> false
(1) BroadSoft-Attr-260 += "false"
(1) } # update request = noop
(1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop
(1) } # foreach &BroadSoft-Attr-255 = noop
(1) update {
(1) Attributes matching "request:"
(1) &request:User-Name = foo
(1) &request:User-Password = bar
(1) &request:NAS-IP-Address = 127.0.0.1
(1) &request:NAS-Port = 0
(1) &request:Message-Authenticator = 0x16c9d85342f767d7ebc5332ba54e9156
(1) &request:BroadSoft-Attr-255 += 250=123456
(1) &request:BroadSoft-Attr-255 += 260=false
(1) &request:BWAS-Call-Center-Forced-Forwarding-Act-Result += 123456
(1) &request:BWAS-CB-Deactivation-Fac-Result += false
(1) EXPAND %{debug_attr:request:}
(1) -->
(1) Tmp-String-0 := ""
(1) } # update = noop
(1) } # authorize = noop
Lots of changes though, and relaxation of allowed attribute number ranges for VSAs
so probably not a good idea to merge it in to v3.0.x.
Hopefully we can fix foreach to provide full attribute references with &Foreach-Variable-N,
instead of just the string value.
Then re-encoding for proxying would be fairly trivial:
update request {
BroadSoft-Attr-255 !* ANY
}
foreach &request: {
if (("%{vendor:&Foreach-Variable-0}" == 'BroadSoft') && ("%{attr_num:&Foreach-Variable-0}" > 255)) {
update {
Broadsoft-Attr-255 += "%{attr_num:&Foreach-Variable-0}=%{Foreach-Variable-0}"
}
}
}
Same would work for Cisco-AVPairs. Decode/Encode process could be wrapped in some policies shipped with the server.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
More information about the Freeradius-Users
mailing list