[OpenSIPS-Devel] Scripting problem RFC5090/Diameter

Alexandre Westfahl (アレックサンドル ウエ Alexandre Westfahl (アレックサンドル ウエ
Thu Jun 3 18:43:54 CEST 2010 

Hello,

I am using OpenSIPS with auth_radius module to simulate to radius client
with my Diameter/Radius Gateway. With scripting variables I succeeded for a
part but I still have some problems. I change some functions to make
opensips and my requests fully compliant to RFC 5090.

First, there is some bugs in names. For example, two variables have the same
name and one of them was with the wrong number to parse. Here is a propose
change:
pvar.c

>     {{"an", (sizeof("an")-1)}, /* */
>         PVT_AUTH_NONCE, pv_get_authattr, 0,
>         0, 0, pv_init_iname, 5},
>     {{"aR", (sizeof("aR")-1)}, /* */
>         PVT_AUTH_RESPONSE, pv_get_authattr, 0,
>         0, 0, pv_init_iname, 6},
>

Second, I changed some functions in aaa_radius because I need high
customization (to make it compliant with RFC5090).
I changed "proxy_challenge" and I want to give as parameters realm and nonce
(nonce must be done on diameter server). I succeeded in making static
parameters but if I try this:

> xlog("realm: $var(realm), nonce: $var(nonce)\n");
> proxy_challenge( "$var(realm)", "$var(nonce)");
>
In xlog, everything is Ok but in proxy_challenge, I obtain variables as they
are, e.g."$var(realm)". It's hard to get into opensips source in just one
day but I found that there is a translator in auth_mod.c.
Here is the non controlled.

>     {"proxy_challenge",     (cmd_function)proxy_challenge,         2,
>         0, 0, REQUEST_ROUTE},
>
Obtained values are as I said before.

If I try, to activate a translator:

>     {"proxy_challenge",     (cmd_function)proxy_challenge,         2,
>         fixup_pvar_pvar, 0, REQUEST_ROUTE},
>
It's supposed to work but I obtain "N" for both values.


For information, here is my opensips.cfg:

> # We are in REGISTER part!
> $var(method)="REGISTER";
>
>
> if ($adu == NULL)
> {
>     radius_send_auth("Frequest","challenge");
>     #Digest-Realm = $var(realm),Digest-Nonce = $var(nonce),Digest-Qop =
> $var(qop),Digest-Algorithm = $var(algorithm)
>
>     xlog("realm: $var(realm), nonce: $var(nonce)\n");
>
>     proxy_challenge( "$var(realm)", "$var(nonce)");
>     exit;
> }
> else
> {
>     radius_send_auth("request","result");
>     xlog( "SECOND REQUEST!!!!!!!!!!!!!!!\n");
> }
> xlog("**********************************OUT");
>

I changed all functions after proxy_challenge (like challenge...) to give
the nonce, don't ask for qop (always on) and don't manage nonce index as
it's not sip server job.


I hope I was clear in my questions.

Thanks

Best regards,
Alexandre Westfahl,
Keio University, Yokohama
Teraoka Lab.
Linux User: #458230
PGP: EACE5768
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/devel/attachments/20100604/5cf03ca6/attachment.htm

More information about the Devel mailing list