retronetworking
/
yate
12
0
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity

Allow returning attributes from rejected RADIUS authentication. 

git-svn-id: http://voip.null.ro/svn/yate@4369 acf43c95-373e-0410-b603-e72c3f656dc1
This commit is contained in:
paulc 2011-05-12 18:55:24 +00:00
parent 9ed9ec13c5
commit 21d64d3c43
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
conf.d/yradius.conf.sample
View File

@ -71,6 +71,9 @@
; ret: will set authentication returned attributes back into message
;ret:attribute-name=paramname
; ret-fail: will set returned attributes from auth rejection back into message
;ret-fail:attribute-name=paramname
; Any other parameter will attempt to match the right hand Regexp
;paramname=REGEXP

12
modules/server/yradius.cpp
View File

@ -351,7 +351,7 @@ public:
bool addAttribute(const char* attrib, unsigned char subType, const char* val, bool emptyOk = false);
void addAttributes(NamedList& params, NamedList* list);
bool prepareAttributes(NamedList& params, bool forAcct = true, String* user = 0);
bool returnAttributes(NamedList& params, const ObjList* attributes);
bool returnAttributes(NamedList& params, const ObjList* attributes, bool ok = true);
static bool fillRandom(DataBlock& data, int len);
private:
@ -1292,7 +1292,7 @@ bool RadiusClient::prepareAttributes(NamedList& params, bool forAcct, String* us
}
// Copy some attributes back from RADIUS answer to parameter list (message)
bool RadiusClient::returnAttributes(NamedList& params, const ObjList* attributes)
bool RadiusClient::returnAttributes(NamedList& params, const ObjList* attributes, bool ok)
{
Lock lock(s_cfgMutex);
NamedList* sect = s_cfg.getSection(m_section);
@ -1309,7 +1309,7 @@ bool RadiusClient::returnAttributes(NamedList& params, const ObjList* attributes
attr->getString(val);
attrDump << "\r\n " << attr->name() << "='" << val << "'";
}
String tmp("ret:");
String tmp(ok ? "ret:" : "ret-fail:");
tmp += attr->name();
String* par = sect->getParam(tmp);
if (par && *par) {
@ -1366,13 +1366,15 @@ bool AuthHandler::received(Message& msg)
radclient.addAttribute("h323-remote-address",address);
ObjList result;
if (radclient.doAuthenticate(&result) != AuthSuccess)
if (radclient.doAuthenticate(&result) != AuthSuccess) {
radclient.returnAttributes(msg,&result,false);
return false;
}
// copy back the username we actually authenticated
if (user)
msg.setParam("username",user);
// and pick whatever other parameters we want to return
radclient.returnAttributes(msg,&result);
radclient.returnAttributes(msg,&result,true);
if (s_pb_enabled)
portaBillingRoute(msg,&result);
// signal we don't return a password