VSA Processing embedded values

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jan 2 19:44:35 CET 2015


In master the destination of an update section can now be specified using an xlat:

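authorize {
        # Test input: two embedded "number=value" strings in BroadSoft-Attr-255
        update request {
                BroadSoft-Attr-255 += '250=123456'
                BroadSoft-Attr-255 += '260=false'
        }

        # Split each embedded value into attribute number (%{1}) and value (%{2})
        foreach &BroadSoft-Attr-255 {
                if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
                        update request {
                                # Destination attribute name is built by the xlat
                                "%{vendor:Broadsoft-Attr-255}-Attr-%{1}" += "%{2}"
                        }
                }
        }

        # Print the request attributes to the debug output
        update {
                Tmp-String-0 := "%{debug_attr:request:}"
        }
}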

(1)     update request {
(1)       BroadSoft-Attr-255 += '250=123456'
(1)       BroadSoft-Attr-255 += '260=false'
(1)     } # update request = noop
(1)     foreach &BroadSoft-Attr-255 
(1)     # Foreach-Variable-0 = "250=123456"
(1)       if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
(1)       EXPAND Foreach-Variable-0
(1)          --> 250=123456
(1)       EXPAND %{Foreach-Variable-0}
(1)          --> 250=123456
(1)       if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/)  -> TRUE
(1)       if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/)  {
(1)         update request {
(1)           EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1}
(1)              --> BroadSoft-Attr-250
(1)           EXPAND %{2}
(1)              --> 123456
(1)           BroadSoft-Attr-250 += "123456"
(1)         } # update request = noop
(1)       } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/)  = noop
(1)     # Foreach-Variable-0 = "260=false"
(1)       if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
(1)       EXPAND Foreach-Variable-0
(1)          --> 260=false
(1)       EXPAND %{Foreach-Variable-0}
(1)          --> 260=false
(1)       if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/)  -> TRUE
(1)       if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/)  {
(1)         update request {
(1)           EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1}
(1)              --> BroadSoft-Attr-260
(1)           EXPAND %{2}
(1)              --> false
(1)           BroadSoft-Attr-260 += "false"
(1)         } # update request = noop
(1)       } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/)  = noop
(1)     } # foreach &BroadSoft-Attr-255 = noop
(1)     update {
(1)       Attributes matching "request:"
(1)         &request:User-Name = foo
(1)         &request:User-Password = bar
(1)         &request:NAS-IP-Address = 127.0.0.1
(1)         &request:NAS-Port = 0
(1)         &request:Message-Authenticator = 0x16c9d85342f767d7ebc5332ba54e9156
(1)         &request:BroadSoft-Attr-255 += 250=123456
(1)         &request:BroadSoft-Attr-255 += 260=false
(1)         &request:BWAS-Call-Center-Forced-Forwarding-Act-Result += 123456
(1)         &request:BWAS-CB-Deactivation-Fac-Result += false
(1)         EXPAND %{debug_attr:request:}
(1)            --> 
(1)         Tmp-String-0 := ""
(1)       } # update = noop
(1)     } # authorize = noop

Lots of changes though, and relaxation of allowed attribute number ranges for VSAs
so probably not a good idea to merge it into v3.0.x.

Hopefully we can fix foreach to provide full attribute references with &Foreach-Variable-N,
instead of just the string value.

Then re-encoding for proxying would be fairly trivial:

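# Remove all existing instances of BroadSoft-Attr-255
update request {
	BroadSoft-Attr-255 !* ANY
}

# Pack each BroadSoft attribute numbered above 255 back into BroadSoft-Attr-255
foreach &request: {
	if (("%{vendor:&Foreach-Variable-0}" == 'BroadSoft') && ("%{attr_num:&Foreach-Variable-0}" > 255)) {
		update {
			Broadsoft-Attr-255 += "%{attr_num:&Foreach-Variable-0}=%{Foreach-Variable-0}"
		}
	}
}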

Same would work for Cisco-AVPairs. Decode/Encode process could be wrapped in some policies shipped with the server.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
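
The decode and re-encode steps from the message above, modelled outside the server as an added Python example (not code from the original post or from FreeRADIUS). The function names and all sample values beyond the two shown in the debug output are assumptions; it also shows what happens to strings the regex does not match and to attribute numbers at or below 255 on re-encoding.

```python
import re

# Same pattern as the unlang condition in the post: digits, '=', then the value.
EMBEDDED = re.compile(r"([0-9]+)=(.*)")

EMBED_ATTR = 255  # BroadSoft-Attr-255 carries the embedded "number=value" strings


def decode_embedded(values):
    """Split BroadSoft-Attr-255 strings into (attr_num, value) pairs.

    Returns (decoded, rejected). Strings that do not match are collected in
    rejected instead of being silently dropped, so they can be logged.
    """
    decoded, rejected = [], []
    for raw in values:
        m = EMBEDDED.fullmatch(raw)
        if m is None:
            rejected.append(raw)
            continue
        decoded.append((int(m.group(1)), m.group(2)))
    return decoded, rejected


def encode_embedded(attrs):
    """Re-encode (attr_num, value) pairs for proxying.

    Mirrors the condition in the post: only attribute numbers above 255
    are packed back into "number=value" strings.
    """
    return [f"{num}={value}" for num, value in attrs if num > EMBED_ATTR]


# Constructed sample input: the first two values appear in the post's debug
# output, the rest are made up to exercise edge cases.
SAMPLE = ["250=123456", "260=false", "300=a=b", "abc=1", "=5", "301="]

if __name__ == "__main__":
    decoded, rejected = decode_embedded(SAMPLE)
    print("decoded :", decoded)
    print("rejected:", rejected)
    print("encoded :", encode_embedded(decoded))
```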


