VSA Processing embedded values
Ben Gatewood
ben.gatewood at essensys.co.uk
Mon Jan 5 15:32:35 CET 2015
Thanks, Arran. I have to confess I’ve hit a wall in my expertise and can’t figure out how to make your regex model work for cases where there are more than one Attr-255 in the request. I got it working on the first (or nth) one fine but can’t seem to get it to run for each instance of the attribute. Have I misunderstood something?
Thanks,
Ben
On 2 Jan 2015, at 18:44, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> In master the destination of an update section can now be specified using an xlat:
>
> authorize {
> update request {
> BroadSoft-Attr-255 += '250=123456'
> BroadSoft-Attr-255 += '260=false'
> }
>
> foreach &BroadSoft-Attr-255 {
> if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
> update request {
> "%{vendor:Broadsoft-Attr-255}-Attr-%{1}" += "%{2}"
> }
> }
> }
>
> update {
> Tmp-String-0 := "%{debug_attr:request:}"
> }
> }
>
> (1) update request {
> (1) BroadSoft-Attr-255 += '250=123456'
> (1) BroadSoft-Attr-255 += '260=false'
> (1) } # update request = noop
> (1) foreach &BroadSoft-Attr-255
> (1) # Foreach-Variable-0 = "250=123456"
> (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
> (1) EXPAND Foreach-Variable-0
> (1) --> 250=123456
> (1) EXPAND %{Foreach-Variable-0}
> (1) --> 250=123456
> (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE
> (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
> (1) update request {
> (1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1}
> (1) --> BroadSoft-Attr-250
> (1) EXPAND %{2}
> (1) --> 123456
> (1) BroadSoft-Attr-250 += "123456"
> (1) } # update request = noop
> (1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop
> (1) # Foreach-Variable-0 = "260=false"
> (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
> (1) EXPAND Foreach-Variable-0
> (1) --> 260=false
> (1) EXPAND %{Foreach-Variable-0}
> (1) --> 260=false
> (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE
> (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) {
> (1) update request {
> (1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1}
> (1) --> BroadSoft-Attr-260
> (1) EXPAND %{2}
> (1) --> false
> (1) BroadSoft-Attr-260 += "false"
> (1) } # update request = noop
> (1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop
> (1) } # foreach &BroadSoft-Attr-255 = noop
> (1) update {
> (1) Attributes matching "request:"
> (1) &request:User-Name = foo
> (1) &request:User-Password = bar
> (1) &request:NAS-IP-Address = 127.0.0.1
> (1) &request:NAS-Port = 0
> (1) &request:Message-Authenticator = 0x16c9d85342f767d7ebc5332ba54e9156
> (1) &request:BroadSoft-Attr-255 += 250=123456
> (1) &request:BroadSoft-Attr-255 += 260=false
> (1) &request:BWAS-Call-Center-Forced-Forwarding-Act-Result += 123456
> (1) &request:BWAS-CB-Deactivation-Fac-Result += false
> (1) EXPAND %{debug_attr:request:}
> (1) -->
> (1) Tmp-String-0 := ""
> (1) } # update = noop
> (1) } # authorize = noop
>
> Lots of changes though, and relaxation of allowed attribute number ranges for VSAs
> so probably not a good idea to merge it in to v3.0.x.
>
> Hopefully we can fix foreach to provide full attribute references with &Foreach-Variable-N,
> instead of just the string value.
>
> Then re-encoding for proxying would be fairly trivial:
>
> update request {
> BroadSoft-Attr-255 !* ANY
> }
>
> foreach &request: {
> if (("%{vendor:&Foreach-Variable-0}" == 'BroadSoft') && ("%{attr_num:&Foreach-Variable-0}" > 255)) {
> update {
> Broadsoft-Attr-255 += "%{attr_num:&Foreach-Variable-0}=%{Foreach-Variable-0}"
> }
> }
> }
>
> Same would work for Cisco-AVPairs. Decode/Encode process could be wrapped in some policies shipped with the server.
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list