Re: Alvarion attributes Re: (no subject)
Alan,Thanks for the info,but can you giude me more on this this patch. i am very newbie in the linux and freebsd world. I am more of a window person. On 7/14/06,
Alan DeKok <[EMAIL PROTECTED]> wrote:
"Robert Dukes" <[EMAIL PROTECTED]> wrote:> This really sucks :) We invested so much into the gear here as our project> is funding by caring people. So there is no way to get this done ah
Try the patch below, which should work in 1.1.x.No guarantees... it just compiles, and I haven't tested it.You'll also have to create a dictionary, but I leave that part up toyou. Alan DeKok.
Index: src/include/libradius.h===RCS file: /source/radiusd/src/include/libradius.h,vretrieving revision 1.76.2.2.2.9diff -u -r1.76.2.2.2.9
libradius.h--- src/include/libradius.h 15 Jun 2006 21:47:14 - 1.76.2.2.2.9+++ src/include/libradius.h 13 Jul 2006 21:22:18 -@@ -65,12 +65,13 @@ #define CHAP_VALUE_LENGTH 16 #define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */
+# define VENDOR(x)((x >> 16) & 0x)+ #ifdef _LIBRADIUS # define AUTH_HDR_LEN 20 # define VENDORPEC_USR429 #define VENDORPEC_LUCENT 4846
#define VENDORPEC_STARENT 8164-# define VENDOR(x)((x >> 16) & 0x) # define DEBUGif (librad_debug) printf # define debug_pair(vp) do { if (librad_debug) { \
putchar('\t'); \Index: src/modules/rlm_preprocess/rlm_preprocess.c===RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v
retrieving revision 1.52.2.1.2.1diff -u -r1.52.2.1.2.1 rlm_preprocess.c--- src/modules/rlm_preprocess/rlm_preprocess.c 5 May 2006 17:31:53 - 1.52.2.1.2.1+++ src/modules/rlm_preprocess/rlm_preprocess.c 13 Jul 2006 21:22:18 -
@@ -48,6 +48,7 @@int with_ntdomain_hack;int with_specialix_jetstream_hack;int with_cisco_vsa_hack;+ int with_alvarion_vsa_hack;
} rlm_preprocess_t; static CONF_PARSER module_config[] = {@@ -69,6 +70,8 @@ "no" },{ "with_cisco_vsa_hack",PW_TYPE_BOOLEAN, offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, "no" },
+ { "with_alvarion_vsa_hack",PW_TYPE_BOOLEAN,+ offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, "no" },{ NULL, -1, 0, NULL, NULL } };@@ -115,7 +118,7 @@
charnewattr[MAX_STRING_LEN];for ( ; vp != NULL; vp = vp->next) {- vendorcode = (vp->attribute >> 16); /* HACK! */+ vendorcode = VENDOR(vp->attribute);
if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* not a Cisco or Quintum VSA, continue */if (vp->type != PW_TYPE_STRING) continue;@@ -170,6 +173,26 @@}
}++/*+ * Don't even ask what this is doing...+ */+static void alvarion_vsa_hack(VALUE_PAIR *vp)+{+ int vendorcode;+ int number = 1;+
+ for ( ; vp != NULL; vp = vp->next) {+ vendorcode = VENDOR(vp->attribute);+ if (vendorcode != 12394) continue;+ if (vp->type != PW_TYPE_STRING) continue;
++ vp->attribute = number | (12394 << 16);+ snprintf(vp->name, sizeof(vp->name),+"Breezecom-Attr%d", number++);+ }
+}+ /* * Mangle username if needed, IN PLACE. */@@ -515,6 +538,14 @@cisco_vsa_hack(request->packet->vps);}+ if (data->with_alvarion_vsa_hack) {
+ /*+* We need to run this hack because the Alvarion+* people are crazy.+*/+ alvarion_vsa_hack(request->packet->vps);
+ }+/* * Note that we add the Request-Src-IP-Address to the request * structure BEFORE checking huntgroup access. This allows-List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html-- Robert Dukes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Alvarion attributes Re: (no subject)
"Robert Dukes" <[EMAIL PROTECTED]> wrote:
> This really sucks :) We invested so much into the gear here as our project
> is funding by caring people. So there is no way to get this done ah
Try the patch below, which should work in 1.1.x.
No guarantees... it just compiles, and I haven't tested it.
You'll also have to create a dictionary, but I leave that part up to
you.
Alan DeKok.
Index: src/include/libradius.h
===
RCS file: /source/radiusd/src/include/libradius.h,v
retrieving revision 1.76.2.2.2.9
diff -u -r1.76.2.2.2.9 libradius.h
--- src/include/libradius.h 15 Jun 2006 21:47:14 - 1.76.2.2.2.9
+++ src/include/libradius.h 13 Jul 2006 21:22:18 -
@@ -65,12 +65,13 @@
#define CHAP_VALUE_LENGTH 16
#define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */
+# define VENDOR(x)((x >> 16) & 0x)
+
#ifdef _LIBRADIUS
# define AUTH_HDR_LEN 20
# define VENDORPEC_USR429
#define VENDORPEC_LUCENT 4846
#define VENDORPEC_STARENT 8164
-# define VENDOR(x)((x >> 16) & 0x)
# define DEBUGif (librad_debug) printf
# define debug_pair(vp) do { if (librad_debug) { \
putchar('\t'); \
Index: src/modules/rlm_preprocess/rlm_preprocess.c
===
RCS file: /source/radiusd/src/modules/rlm_preprocess/rlm_preprocess.c,v
retrieving revision 1.52.2.1.2.1
diff -u -r1.52.2.1.2.1 rlm_preprocess.c
--- src/modules/rlm_preprocess/rlm_preprocess.c 5 May 2006 17:31:53 -
1.52.2.1.2.1
+++ src/modules/rlm_preprocess/rlm_preprocess.c 13 Jul 2006 21:22:18 -
@@ -48,6 +48,7 @@
int with_ntdomain_hack;
int with_specialix_jetstream_hack;
int with_cisco_vsa_hack;
+ int with_alvarion_vsa_hack;
} rlm_preprocess_t;
static CONF_PARSER module_config[] = {
@@ -69,6 +70,8 @@
"no" },
{ "with_cisco_vsa_hack",PW_TYPE_BOOLEAN,
offsetof(rlm_preprocess_t,with_cisco_vsa_hack), NULL, "no" },
+ { "with_alvarion_vsa_hack",PW_TYPE_BOOLEAN,
+ offsetof(rlm_preprocess_t,with_alvarion_vsa_hack), NULL, "no" },
{ NULL, -1, 0, NULL, NULL }
};
@@ -115,7 +118,7 @@
charnewattr[MAX_STRING_LEN];
for ( ; vp != NULL; vp = vp->next) {
- vendorcode = (vp->attribute >> 16); /* HACK! */
+ vendorcode = VENDOR(vp->attribute);
if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /*
not a Cisco or Quintum VSA, continue */
if (vp->type != PW_TYPE_STRING) continue;
@@ -170,6 +173,26 @@
}
}
+
+/*
+ * Don't even ask what this is doing...
+ */
+static void alvarion_vsa_hack(VALUE_PAIR *vp)
+{
+ int vendorcode;
+ int number = 1;
+
+ for ( ; vp != NULL; vp = vp->next) {
+ vendorcode = VENDOR(vp->attribute);
+ if (vendorcode != 12394) continue;
+ if (vp->type != PW_TYPE_STRING) continue;
+
+ vp->attribute = number | (12394 << 16);
+ snprintf(vp->name, sizeof(vp->name),
+"Breezecom-Attr%d", number++);
+ }
+}
+
/*
* Mangle username if needed, IN PLACE.
*/
@@ -515,6 +538,14 @@
cisco_vsa_hack(request->packet->vps);
}
+ if (data->with_alvarion_vsa_hack) {
+ /*
+* We need to run this hack because the Alvarion
+* people are crazy.
+*/
+ alvarion_vsa_hack(request->packet->vps);
+ }
+
/*
* Note that we add the Request-Src-IP-Address to the request
* structure BEFORE checking huntgroup access. This allows
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Alvarion attributes Re: (no subject)
This really sucks :) We invested so much into the gear here as our project is funding by caring people. So there is no way to get this done ah On 7/14/06, Alan DeKok <[EMAIL PROTECTED]> wrote: "Robert Dukes" <[EMAIL PROTECTED]> wrote:> Breezenet/Breezecom/Alvarion VSA's. These NASs send> Ethernet port data in VSAs (up to 11 per accounting request) but > unfortunately dont use the same attribute numbers each time. Instead,> the attribute number increments each time, then wraps at 256. Radiator> automatically maps the fist one in a packet to Breezecom-Attr1, the > second to Breezecom-Attr2 etc through to Breezecom-Attr11. Ah. *That* vendor. My suggestion is to throw away their equipmentand buy equipment that works. Barring that, file a bug with them, and tell them their product is retarded. If you *have* to use their equipment, write a module to do thatre-mapping. It should be 30-40 lines of Perl, or about 200 lines of C. Alan DeKok.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Robert Dukes - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
