
* Modules: auth_radius, misc_radius

Moved modules_k/auth_radius and modules_k/misc_radius to modules and
removed modules_s/auth_radius, modules_s/avp_radius, and modules_s/uri_radius.

Juha Heinanen authored on 20/04/2009 05:47:28
Showing 51 changed files
1 1
similarity index 100%
2 2
rename from modules_k/auth_radius/Makefile
3 3
rename to modules/auth_radius/Makefile
4 4
similarity index 100%
5 5
rename from modules_k/auth_radius/README
6 6
rename to modules/auth_radius/README
7 7
similarity index 100%
8 8
rename from modules_k/auth_radius/authorize.c
9 9
rename to modules/auth_radius/authorize.c
10 10
similarity index 100%
11 11
rename from modules_k/auth_radius/authorize.h
12 12
rename to modules/auth_radius/authorize.h
13 13
similarity index 100%
14 14
rename from modules_k/auth_radius/authrad_mod.c
15 15
rename to modules/auth_radius/authrad_mod.c
16 16
similarity index 100%
17 17
rename from modules_k/auth_radius/authrad_mod.h
18 18
rename to modules/auth_radius/authrad_mod.h
19 19
similarity index 100%
20 20
rename from modules_k/auth_radius/doc/auth_radius.xml
21 21
rename to modules/auth_radius/doc/auth_radius.xml
22 22
similarity index 100%
23 23
rename from modules_k/auth_radius/doc/auth_radius_admin.xml
24 24
rename to modules/auth_radius/doc/auth_radius_admin.xml
25 25
similarity index 100%
26 26
rename from modules_k/auth_radius/extra.c
27 27
rename to modules/auth_radius/extra.c
28 28
similarity index 100%
29 29
rename from modules_k/auth_radius/extra.h
30 30
rename to modules/auth_radius/extra.h
31 31
similarity index 100%
32 32
rename from modules_k/auth_radius/sterman.c
33 33
rename to modules/auth_radius/sterman.c
34 34
similarity index 100%
35 35
rename from modules_k/auth_radius/sterman.h
36 36
rename to modules/auth_radius/sterman.h
37 37
similarity index 100%
38 38
rename from modules_k/misc_radius/Makefile
39 39
rename to modules/misc_radius/Makefile
40 40
similarity index 100%
41 41
rename from modules_k/misc_radius/README
42 42
rename to modules/misc_radius/README
43 43
similarity index 100%
44 44
rename from modules_k/misc_radius/doc/misc_radius.xml
45 45
rename to modules/misc_radius/doc/misc_radius.xml
46 46
similarity index 100%
47 47
rename from modules_k/misc_radius/doc/misc_radius_admin.xml
48 48
rename to modules/misc_radius/doc/misc_radius_admin.xml
49 49
similarity index 100%
50 50
rename from modules_k/misc_radius/extra.c
51 51
rename to modules/misc_radius/extra.c
52 52
similarity index 100%
53 53
rename from modules_k/misc_radius/extra.h
54 54
rename to modules/misc_radius/extra.h
55 55
similarity index 100%
56 56
rename from modules_k/misc_radius/functions.c
57 57
rename to modules/misc_radius/functions.c
58 58
similarity index 100%
59 59
rename from modules_k/misc_radius/functions.h
60 60
rename to modules/misc_radius/functions.h
61 61
similarity index 100%
62 62
rename from modules_k/misc_radius/misc_radius.c
63 63
rename to modules/misc_radius/misc_radius.c
64 64
similarity index 100%
65 65
rename from modules_k/misc_radius/misc_radius.h
66 66
rename to modules/misc_radius/misc_radius.h
67 67
deleted file mode 100644
... ...
@@ -1,17 +0,0 @@
1
-# $Id$
2
-#
3
-# Digest Authentication - Radius support
4
-#
5
-# 
6
-# WARNING: do not run this directly, it should be run by the master Makefile
7
-
8
-include ../../Makefile.defs
9
-include ../../Makefile.radius
10
-
11
-auto_gen=
12
-NAME=auth_radius.so
13
-
14
-
15
-DEFS+=-DSER_MOD_INTERFACE
16
-
17
-include ../../Makefile.modules
18 0
deleted file mode 100644
... ...
@@ -1,189 +0,0 @@
1
-
2
-Auth_radius Module
3
-
4
-Jan Janak
5
-
6
-   FhG Fokus
7
-
8
-Juha Heinanen
9
-
10
-   Song Networks
11
-
12
-Stelios Sidiroglou-Douskos
13
-
14
-Edited by
15
-
16
-Jan Janak
17
-
18
-   Copyright � 2002, 2003 FhG FOKUS
19
-     _________________________________________________________
20
-
21
-   Table of Contents
22
-   1. User's Guide
23
-
24
-        1.1. Overview
25
-        1.2. Dependencies
26
-        1.3. Exported Parameters
27
-
28
-              1.3.1. radius_config (string)
29
-              1.3.2. service_type (integer)
30
-
31
-        1.4. Exported Functions
32
-
33
-              1.4.1. radius_www_authorize(realm)
34
-              1.4.2. radius_proxy_authorize(realm)
35
-
36
-   2. Developer's Guide
37
-   3. Frequently Asked Questions
38
-
39
-   List of Examples
40
-   1-1. radius_config parameter usage
41
-   1-2. radius_config usage
42
-   1-3. radius_www_authorize usage
43
-   1-4. proxy_authorize usage
44
-     _________________________________________________________
45
-
46
-Chapter 1. User's Guide
47
-
48
-1.1. Overview
49
-
50
-   This module contains functions that are used to perform
51
-   authentication using a Radius server. Basically the proxy will
52
-   pass along the credentials to the radius server which will in
53
-   turn send a reply containing result of the authentication. So
54
-   basically the whole authentication is done in the Radius
55
-   server. Before sending the request to the radius server we
56
-   perform some sanity checks over the credentials to make sure
57
-   that only well formed credentials will get to the server. We
58
-   have implemented radius authentication according to
59
-   draft-sterman-aaa-sip-00. This module requires radiusclient
60
-   library version 0.4.1 or higher which is available from
61
-   http://developer.berlios.de/projects/radiusclient-ng/.
62
-
63
-   How to configure radius server -- more detailed description --
64
-   TBD.
65
-
66
-   Warning
67
-
68
-   The detailed description of radius authentication setup is
69
-   important since many people will use it and we want to make
70
-   the setup painless.
71
-     _________________________________________________________
72
-
73
-1.2. Dependencies
74
-
75
-   The module depends on the following modules (in the other
76
-   words the listed modules must be loaded before this module):
77
-
78
-     * auth -- Generic authentication functions
79
-     _________________________________________________________
80
-
81
-1.3. Exported Parameters
82
-
83
-1.3.1. radius_config (string)
84
-
85
-   This is the location of the configuration file of radius
86
-   client libraries.
87
-
88
-   Default value is
89
-   "/usr/local/etc/radiusclient/radiusclient.conf".
90
-
91
-   Example 1-1. radius_config parameter usage
92
-modparam("auth_radius", "radius_config", "/etc/radiusclient.conf")
93
-     _________________________________________________________
94
-
95
-1.3.2. service_type (integer)
96
-
97
-   This is the value of the Service-Type radius attribute to be
98
-   used. The default should be fine for most people. See your
99
-   radius client include files for numbers to be put in this
100
-   parameter if you need to change it.
101
-
102
-   Default value is "15".
103
-
104
-   Example 1-2. radius_config usage
105
-modparam("auth_radius", "service_type", 15)
106
-     _________________________________________________________
107
-
108
-1.4. Exported Functions
109
-
110
-1.4.1. radius_www_authorize(realm)
111
-
112
-   The function verifies credentials according to RFC2617. If the
113
-   credentials are verified successfully then the function will
114
-   succeed and mark the credentials as authorized (marked
115
-   credentials can be later used by some other functions). If the
116
-   function was unable to verify the credentials for some reason
117
-   then it will fail and the script should call www_challenge
118
-   which will challenge the user again.
119
-
120
-   This function will, in fact, perform sanity checks over the
121
-   received credentials and then pass them along to the radius
122
-   server which will verify the credentials and return whether
123
-   they are valid or not.
124
-
125
-   Meaning of the parameter is as follows:
126
-
127
-     * realm - Realm is a opaque string that the user agent
128
-       should present to the user so he can decide what username
129
-       and password to use. Usually this is domain of the host
130
-       the server is running on.
131
-       If an empty string "" is used then the server will
132
-       generate it from the request. In case of REGISTER requests
133
-       To header field domain will be used (because this header
134
-       field represents a user being registered), for all other
135
-       messages From header field domain will be used.
136
-
137
-   Example 1-3. radius_www_authorize usage
138
-...
139
-if (!radius_www_authorize("iptel.org")) {
140
-    www_challenge("iptel.org", "1");
141
-};
142
-...
143
-     _________________________________________________________
144
-
145
-1.4.2. radius_proxy_authorize(realm)
146
-
147
-   The function verifies credentials according to RFC2617. If the
148
-   credentials are verified successfully then the function will
149
-   succeed and mark the credentials as authorized (marked
150
-   credentials can be later used by some other functions). If the
151
-   function was unable to verify the credentials for some reason
152
-   then it will fail and the script should call proxy_challenge
153
-   which will challenge the user again.
154
-
155
-   This function will, in fact, perform sanity checks over the
156
-   received credentials and then pass them along to the radius
157
-   server which will verify the credentials and return whether
158
-   they are valid or not.
159
-
160
-   Meaning of the parameter is as follows:
161
-
162
-     * realm - Realm is a opaque string that the user agent
163
-       should present to the user so he can decide what username
164
-       and password to use. Usually this is domain of the host
165
-       the server is running on.
166
-       If an empty string "" is used then the server will
167
-       generate it from the request. From header field domain
168
-       will be used as realm.
169
-
170
-   Example 1-4. proxy_authorize usage
171
-...
172
-if (!radius_proxy_authorize("")) {
173
-    proxy_challenge("", "1");  # Realm will be autogenerated
174
-};
175
-...
176
-     _________________________________________________________
177
-
178
-Chapter 2. Developer's Guide
179
-
180
-   To be done.
181
-     _________________________________________________________
182
-
183
-Chapter 3. Frequently Asked Questions
184
-
185
-   3.1. What is the meaning of life ?
186
-
187
-   3.1. What is the meaning of life ?
188
-
189
-   42
190 0
deleted file mode 100644
... ...
@@ -1,302 +0,0 @@
1
-/*
2
- * $Id$
3
- *
4
- * Digest Authentication - Radius support
5
- *
6
- * Copyright (C) 2001-2003 FhG Fokus
7
- *
8
- * This file is part of ser, a free SIP server.
9
- *
10
- * ser is free software; you can redistribute it and/or modify
11
- * it under the terms of the GNU General Public License as published by
12
- * the Free Software Foundation; either version 2 of the License, or
13
- * (at your option) any later version
14
- *
15
- * For a license to use the ser software under conditions
16
- * other than those described here, or to purchase support for this
17
- * software, please contact iptel.org by e-mail at the following addresses:
18
- *    info@iptel.org
19
- *
20
- * ser is distributed in the hope that it will be useful,
21
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
22
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23
- * GNU General Public License for more details.
24
- *
25
- * You should have received a copy of the GNU General Public License 
26
- * along with this program; if not, write to the Free Software 
27
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
28
- *
29
- * History:
30
- * -------
31
- * 2003-03-09: Based on authorize.c from radius_auth (janakj)
32
- */
33
-
34
-
35
-#include <string.h>
36
-#include <stdlib.h>
37
-#include "../../mem/mem.h"
38
-#include "../../str.h"
39
-#include "../../sr_module.h"
40
-#include "../../parser/hf.h"
41
-#include "../../parser/digest/digest.h"
42
-#include "../../parser/parse_uri.h"
43
-#include "../../parser/parse_from.h"
44
-#include "../../parser/parse_to.h"
45
-#include "../../dprint.h"
46
-#include "../../id.h"
47
-#include "../../ut.h"
48
-#include "../auth/api.h"
49
-#include "authorize.h"
50
-#include "sterman.h"
51
-#include "authrad_mod.h"
52
-
53
-
54
-static void attr_name_value(str* name, str* value, VALUE_PAIR* vp)
55
-{
56
-    int i;
57
-    
58
-    for (i = 0; i < vp->lvalue; i++) {
59
-	if (vp->strvalue[i] == ':' || vp->strvalue[i] == '=') {
60
-	    name->s = vp->strvalue;
61
-	    name->len = i;
62
-	    
63
-	    if (i == (vp->lvalue - 1)) {
64
-		value->s = (char*)0;
65
-		value->len = 0;
66
-	    } else {
67
-		value->s = vp->strvalue + i + 1;
68
-		value->len = vp->lvalue - i - 1;
69
-	    }
70
-	    return;
71
-	}
72
-    }
73
-
74
-    name->len = value->len = 0;
75
-    name->s = value->s = (char*)0;
76
-}
77
-
78
-
79
-/*
80
- * Generate AVPs from the database result
81
- */
82
-static int generate_avps(VALUE_PAIR* received)
83
-{
84
-	int_str name, val;
85
-	VALUE_PAIR *vp;
86
-	
87
-	vp = rc_avpair_get(received, ATTRID(attrs[A_SER_UID].v), VENDOR(attrs[A_SER_UID].v));
88
-	if (vp == NULL) {
89
-	    WARN("RADIUS server did not send SER-UID attribute in digest authentication reply\n");
90
-	    return -1;
91
-	}
92
-	val.s.len = vp->lvalue;
93
-	val.s.s = vp->strvalue;
94
-	name.s.s = "uid";
95
-	name.s.len = 3;
96
-
97
-	if (add_avp(AVP_TRACK_FROM | AVP_CLASS_USER | AVP_NAME_STR | AVP_VAL_STR, name, val) < 0) {
98
-	    ERR("Unable to create UID attribute\n");
99
-	    return -1;
100
-	}
101
-
102
-	vp = received;
103
-	while ((vp = rc_avpair_get(vp, ATTRID(attrs[A_SER_ATTR].v), VENDOR(attrs[A_SER_ATTR].v)))) {
104
-		attr_name_value(&name.s, &val.s, vp);
105
-		if (name.s.len == 0) {
106
-		    ERR("Missing attribute name\n");
107
-		    return -1;
108
-		}
109
-		
110
-		if (add_avp(AVP_TRACK_FROM | AVP_CLASS_USER | AVP_NAME_STR | AVP_VAL_STR, name, val) < 0) {
111
-			LOG(L_ERR, "generate_avps: Unable to create a new AVP\n");
112
-			return -1;
113
-		} else {
114
-			DBG("generate_avps: AVP '%.*s'='%.*s' has been added\n",
115
-			    name.s.len, ZSW(name.s.s), 
116
-			    val.s.len, ZSW(val.s.s));
117
-		}
118
-		vp = vp->next;
119
-	}
120
-	
121
-	return 0;
122
-}
123
-
124
-
125
-
126
-
127
-/* 
128
- * Extract URI depending on the request from To or From header 
129
- */
130
-static inline int get_uri(struct sip_msg* _m, str** _uri)
131
-{
132
-	if ((REQ_LINE(_m).method.len == 8) && (memcmp(REQ_LINE(_m).method.s, "REGISTER", 8) == 0)) {
133
-		if (!_m->to && ((parse_headers(_m, HDR_TO_F, 0) == -1) || !_m->to)) {
134
-			LOG(L_ERR, "get_uri(): To header field not found or malformed\n");
135
-			return -1;
136
-		}
137
-		*_uri = &(get_to(_m)->uri);
138
-	} else {
139
-		if (parse_from_header(_m) == -1) {
140
-			LOG(L_ERR, "get_uri(): Error while parsing headers\n");
141
-			return -2;
142
-		}
143
-		*_uri = &(get_from(_m)->uri);
144
-	}
145
-	return 0;
146
-}
147
-
148
-
149
-/*
150
- * Authorize digest credentials
151
- */
152
-static inline int authenticate(struct sip_msg* msg, str* realm,
153
-			       hdr_types_t hftype)
154
-{
155
-	int res;
156
-	auth_result_t ret;
157
-	struct hdr_field* h;
158
-	auth_body_t* cred;
159
-	str* uri;
160
-	struct sip_uri puri;
161
-	str user, did;
162
-	VALUE_PAIR* received;
163
-
164
-	cred = 0;
165
-	ret = -1;
166
-	user.s = 0;
167
-	received = NULL;
168
-
169
-	switch(auth_api.pre_auth(msg, realm, hftype, &h, NULL)) {
170
-	default:
171
-		BUG("unexpected reply '%d'.\n", auth_api.pre_auth(msg, realm, hftype,
172
-				&h, NULL));
173
-#ifdef EXTRA_DEBUG
174
-		abort();
175
-#endif
176
-	case ERROR:
177
-	case BAD_CREDENTIALS:
178
-	    ret = -3;
179
-	    goto end;
180
-
181
-	case NOT_AUTHENTICATED:
182
-	    ret = -1;
183
-	    goto end;
184
-
185
-	case DO_AUTHENTICATION:
186
-	    break;
187
-
188
-	case AUTHENTICATED:
189
-	    ret = 1;
190
-	    goto end;
191
-	}
192
-
193
-	cred = (auth_body_t*)h->parsed;
194
-
195
-	if (use_did) {
196
-	    if (msg->REQ_METHOD == METHOD_REGISTER) {
197
-			ret = get_to_did(&did, msg);
198
-	    } else {
199
-			ret = get_from_did(&did, msg);
200
-	    }
201
-	    if (ret == 0) {
202
-			did.s = DEFAULT_DID;
203
-			did.len = sizeof(DEFAULT_DID) - 1;
204
-	    }
205
-	} else {
206
-	    did.len = 0;
207
-	    did.s = 0;
208
-	}
209
-
210
-	if (get_uri(msg, &uri) < 0) {
211
-		LOG(L_ERR, "authorize(): From/To URI not found\n");
212
-		ret = -1;
213
-		goto end;
214
-	}
215
-	
216
-	if (parse_uri(uri->s, uri->len, &puri) < 0) {
217
-		LOG(L_ERR, "authorize(): Error while parsing From/To URI\n");
218
-		ret = -1;
219
-		goto end;
220
-	}
221
-
222
-	user.s = (char *)pkg_malloc(puri.user.len);
223
-	if (user.s == NULL) {
224
-		LOG(L_ERR, "authorize: No memory left\n");
225
-		ret = -1;
226
-		goto end;
227
-	}
228
-	un_escape(&(puri.user), &user);
229
-
230
-	res = radius_authorize_sterman(&received, msg, &cred->digest, &msg->first_line.u.request.method, &user);
231
-	if (res == 1) {
232
-	    switch(auth_api.post_auth(msg, h)) {
233
-	    case ERROR:             
234
-	    case BAD_CREDENTIALS:
235
-		ret = -2;
236
-		break;
237
-
238
-	    case NOT_AUTHENTICATED:
239
-		ret = -1;
240
-		break;
241
-
242
-	    case AUTHENTICATED:
243
-		if (generate_avps(received) < 0) {
244
-		    ret = -1;
245
-		    break;
246
-		}
247
-		ret = 1;
248
-		break;
249
-
250
-	    default:
251
-		ret = -1;
252
-		break;
253
-	    }
254
-	} else {
255
-	    ret = -1;
256
-	}
257
-
258
- end:
259
-	if (received) rc_avpair_free(received);
260
-	if (user.s) pkg_free(user.s);
261
-	if (ret < 0) {
262
-	    if (auth_api.build_challenge(msg, (cred ? cred->stale : 0), realm, NULL, NULL, hftype) < 0) {
263
-		ERR("Error while creating challenge\n");
264
-		ret = -2;
265
-	    }
266
-	}
267
-	return ret;
268
-}
269
-
270
-
271
-/*
272
- * Authorize using Proxy-Authorize header field
273
- */
274
-int radius_proxy_authorize(struct sip_msg* _msg, char* p1, char* p2)
275
-{
276
-    str realm;
277
-
278
-    if (get_str_fparam(&realm, _msg, (fparam_t*)p1) < 0) {
279
-	ERR("Cannot obtain digest realm from parameter '%s'\n", ((fparam_t*)p1)->orig);
280
-	return -1;
281
-    }
282
-    
283
-	 /* realm parameter is converted to str* in str_fixup */
284
-    return authenticate(_msg, &realm, HDR_PROXYAUTH_T);
285
-}
286
-
287
-
288
-/*
289
- * Authorize using WWW-Authorize header field
290
- */
291
-int radius_www_authorize(struct sip_msg* _msg, char* p1, char* p2)
292
-{
293
-    str realm;
294
-
295
-    if (get_str_fparam(&realm, _msg, (fparam_t*)p1) < 0) {
296
-	ERR("Cannot obtain digest realm from parameter '%s'\n", ((fparam_t*)p1)->orig);
297
-	return -1;
298
-    }
299
-    
300
-    return authenticate(_msg, &realm, HDR_AUTHORIZATION_T);
301
-}
302
-
303 0
deleted file mode 100644
... ...
@@ -1,52 +0,0 @@
1
-/*
2
- * $Id$
3
- *
4
- * Digest Authentication - Radius support
5
- *
6
- * Copyright (C) 2001-2003 FhG Fokus
7
- *
8
- * This file is part of ser, a free SIP server.
9
- *
10
- * ser is free software; you can redistribute it and/or modify
11
- * it under the terms of the GNU General Public License as published by
12
- * the Free Software Foundation; either version 2 of the License, or
13
- * (at your option) any later version
14
- *
15
- * For a license to use the ser software under conditions
16
- * other than those described here, or to purchase support for this
17
- * software, please contact iptel.org by e-mail at the following addresses:
18
- *    info@iptel.org
19
- *
20
- * ser is distributed in the hope that it will be useful,
21
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
22
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23
- * GNU General Public License for more details.
24
- *
25
- * You should have received a copy of the GNU General Public License 
26
- * along with this program; if not, write to the Free Software 
27
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
28
- *
29
- * History:
30
- * -------
31
- * 2003-03-09: Based on authorize.h from radius_auth (janakj)
32
- */
33
-
34
-#ifndef AUTHORIZE_H
35
-#define AUTHORIZE_H
36
-
37
-#include "../../parser/msg_parser.h"
38
-
39
-
40
-/*
41
- * Authorize using Proxy-Authorization header field
42
- */
43
-int radius_proxy_authorize(struct sip_msg* _msg, char* _realm, char* _s2);
44
-
45
-
46
-/*
47
- * Authorize using WWW-Authorization header field
48
- */
49
-int radius_www_authorize(struct sip_msg* _msg, char* _realm, char* _s2);
50
-
51
-
52
-#endif /* AUTHORIZE_H */
53 0
deleted file mode 100644
... ...
@@ -1,204 +0,0 @@
1
-/*
2
- * $Id$
3
- *
4
- * Digest Authentication - Radius support
5
- *
6
- * Copyright (C) 2001-2003 FhG Fokus
7
- *
8
- * This file is part of ser, a free SIP server.
9
- *
10
- * ser is free software; you can redistribute it and/or modify
11
- * it under the terms of the GNU General Public License as published by
12
- * the Free Software Foundation; either version 2 of the License, or
13
- * (at your option) any later version
14
- *
15
- * For a license to use the ser software under conditions
16
- * other than those described here, or to purchase support for this
17
- * software, please contact iptel.org by e-mail at the following addresses:
18
- *    info@iptel.org
19
- *
20
- * ser is distributed in the hope that it will be useful,
21
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
22
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23
- * GNU General Public License for more details.
24
- *
25
- * You should have received a copy of the GNU General Public License
26
- * along with this program; if not, write to the Free Software
27
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
28
- *
29
- * History:
30
- * -------
31
- *  2003-03-09: Based on auth_mod.c from radius_auth (janakj)
32
- *  2003-03-11: New module interface (janakj)
33
- *  2003-03-16: flags export parameter added (janakj)
34
- *  2003-03-19  all mallocs/frees replaced w/ pkg_malloc/pkg_free (andrei)
35
- */
36
-
37
-
38
-#include <stdio.h>
39
-#include <stdlib.h>
40
-#include <string.h>
41
-#include "../../sr_module.h"
42
-#include "../../error.h"
43
-#include "../../dprint.h"
44
-#include "../../mem/mem.h"
45
-#include "../../config.h"
46
-#include "authrad_mod.h"
47
-#include "authorize.h"
48
-
49
-#ifdef RADIUSCLIENT_NG_4
50
-#  include <radiusclient.h>
51
-# else
52
-#  include <radiusclient-ng.h>
53
-#endif
54
-
55
-MODULE_VERSION
56
-
57
-struct attr attrs[A_MAX];
58
-struct val vals[V_MAX];
59
-void *rh;
60
-
61
-auth_api_t auth_api;
62
-
63
-static int mod_init(void);                        /* Module initialization function */
64
-
65
-int use_did = 1;
66
-int use_ruri_flag = -1;
67
-
68
-
69
-/*
70
- * Module parameter variables
71
- */
72
-static char* radius_config = "/usr/local/etc/radiusclient/radiusclient.conf";
73
-static int service_type = -1;
74
-
75
-
76
-/*
77
- * Exported functions
78
- */
79
-static cmd_export_t cmds[] = {
80
-	{"radius_www_authorize",      radius_www_authorize,   1, fixup_var_str_1, REQUEST_ROUTE},
81
-	{"radius_proxy_authorize",    radius_proxy_authorize, 1, fixup_var_str_1, REQUEST_ROUTE},
82
-	{"radius_www_authenticate",   radius_www_authorize,   1, fixup_var_str_1, REQUEST_ROUTE},
83
-	{"radius_proxy_authenticate", radius_proxy_authorize, 1, fixup_var_str_1, REQUEST_ROUTE},
84
-	{0, 0, 0, 0, 0}
85
-};
86
-
87
-
88
-/*
89
- * Exported parameters
90
- */
91
-static param_export_t params[] = {
92
-	{"radius_config",    PARAM_STRING, &radius_config },
93
-	{"service_type",     PARAM_INT,   &service_type   },
94
-	{"use_did",          PARAM_INT,   &use_did },
95
-	{"use_ruri_flag",    PARAM_INT,   &use_ruri_flag },
96
-	{0, 0, 0}
97
-};
98
-
99
-
100
-/*
101
- * Module interface
102
- */
103
-struct module_exports exports = {
104
-	"auth_radius",
105
-	cmds,       /* Exported functions */
106
-	0,          /* RPC methods */
107
-	params,     /* Exported parameters */
108
-	mod_init,   /* module initialization function */
109
-	0,          /* response function */
110
-	0,          /* destroy function */
111
-	0,          /* oncancel function */
112
-	0           /* child initialization function */
113
-};
114
-
115
-
116
-/*
117
- * Module initialization function
118
- */
119
-static int mod_init(void)
120
-{
121
-	DICT_VENDOR *vend;
122
-	bind_auth_t bind_auth;
123
-
124
-	DBG("auth_radius - Initializing\n");
125
-
126
-	memset(attrs, 0, sizeof(attrs));
127
-	memset(vals, 0, sizeof(vals));
128
-
129
-	     /* RFC2865, RFC2866 */
130
-	attrs[A_USER_NAME].n			= "User-Name";
131
-	attrs[A_SERVICE_TYPE].n			= "Service-Type";
132
-
133
-	     /* draft-sterman-aaa-sip-00 */
134
-	attrs[A_DIGEST_RESPONSE].n		= "Digest-Response";
135
-	attrs[A_DIGEST_REALM].n			= "Digest-Realm";
136
-	attrs[A_DIGEST_NONCE].n			= "Digest-Nonce";
137
-	attrs[A_DIGEST_METHOD].n		= "Digest-Method";
138
-	attrs[A_DIGEST_URI].n			= "Digest-URI";
139
-	attrs[A_DIGEST_QOP].n			= "Digest-QOP";
140
-	attrs[A_DIGEST_ALGORITHM].n		= "Digest-Algorithm";
141
-	attrs[A_DIGEST_BODY_DIGEST].n		= "Digest-Body-Digest";
142
-	attrs[A_DIGEST_CNONCE].n		= "Digest-CNonce";
143
-	attrs[A_DIGEST_NONCE_COUNT].n		= "Digest-Nonce-Count";
144
-	attrs[A_DIGEST_USER_NAME].n		= "Digest-User-Name";
145
-
146
-	     /* SER-specific */
147
-	attrs[A_SER_URI_USER].n			= "SER-Uri-User";
148
-	attrs[A_SER_ATTR].n	                = "SER-Attr";
149
-	attrs[A_SER_UID].n                      = "SER-UID";
150
-	attrs[A_SER_SERVICE_TYPE].n             = "SER-Service-Type";
151
-
152
-	     /* SER-Service-Type */
153
-	vals[V_DIGEST_AUTHENTICATION].n         = "Digest-Authentication";
154
-
155
-	attrs[A_CISCO_AVPAIR].n			= "Cisco-AVPair";
156
-
157
-	     /* draft-schulzrinne-sipping-radius-accounting-00 */
158
-	vals[V_SIP_SESSION].n			= "Sip-Session";
159
-
160
-
161
-	if ((rh = rc_read_config(radius_config)) == NULL) {
162
-		LOG(L_ERR, "auth_radius: Error opening configuration file \n");
163
-		return -1;
164
-	}
165
-
166
-	if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
167
-		LOG(L_ERR, "auth_radius: Error opening dictionary file \n");
168
-		return -2;
169
-	}
170
-
171
-	vend = rc_dict_findvend(rh, "Cisco");
172
-	if (vend == NULL) {
173
-		DBG("auth_radius: No `Cisco' vendor in Radius "
174
-			   "dictionary\n");
175
-		attrs[A_CISCO_AVPAIR].n = NULL;
176
-	}
177
-	
178
-	vend = rc_dict_findvend(rh, "iptelorg");
179
-	if (vend == NULL) {
180
-		ERR("RADIUS dictionary is missing required vendor 'iptelorg'\n");
181
-		return -1;
182
-	}
183
-
184
-
185
-        bind_auth = (bind_auth_t)find_export("bind_auth", 0, 0);
186
-        if (!bind_auth) {
187
-		LOG(L_ERR, "auth_radius: Unable to find bind_auth function\n");
188
-	        return -1;
189
-	}
190
-
191
-	if (bind_auth(&auth_api) < 0) {
192
-		LOG(L_ERR, "auth_radius: Cannot bind to auth module\n");
193
-		return -4;
194
-	}
195
-
196
-	INIT_AV(rh, attrs, vals, "auth_radius", -5, -6);
197
-
198
-	if (service_type != -1) {
199
-		vals[V_SIP_SESSION].v = service_type;
200
-	}
201
-
202
-	return 0;
203
-}
204
-
205 0
deleted file mode 100644
... ...
@@ -1,50 +0,0 @@
1
-/*
2
- * $Id$
3
- *
4
- * Digest Authentication - Radius support
5
- *
6
- * Copyright (C) 2001-2003 FhG Fokus
7
- *
8
- * This file is part of ser, a free SIP server.
9
- *
10
- * ser is free software; you can redistribute it and/or modify
11
- * it under the terms of the GNU General Public License as published by
12
- * the Free Software Foundation; either version 2 of the License, or
13
- * (at your option) any later version
14
- *
15
- * For a license to use the ser software under conditions
16
- * other than those described here, or to purchase support for this
17
- * software, please contact iptel.org by e-mail at the following addresses:
18
- *    info@iptel.org
19
- *
20
- * ser is distributed in the hope that it will be useful,
21
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
22
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23
- * GNU General Public License for more details.
24
- *
25
- * You should have received a copy of the GNU General Public License 
26
- * along with this program; if not, write to the Free Software 
27
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
28
- *
29
- * History:
30
- * -------
31
- * 2003-03-09: Based on auth_mod.h from radius_authorize (janakj)
32
- */
33
-
34
-
35
-#ifndef AUTHRAD_MOD_H
36
-#define AUTHRAD_MOD_H
37
-
38
-#include "../auth/api.h"
39
-#include "../../rad_dict.h"
40
-
41
-extern struct attr attrs[];
42
-extern struct val vals[];
43
-extern void *rh;
44
-
45
-extern int use_did;
46
-extern int use_ruri_flag;
47
-
48
-extern auth_api_t auth_api;
49
-
50
-#endif /* AUTHRAD_MOD_H */
51 0
deleted file mode 100644
... ...
@@ -1,29 +0,0 @@
1
-#
2
-# The list of documents to build (without extensions)
3
-#
4
-DOCUMENTS = auth_radius
5
-
6
-#
7
-# The root directory containing Makefile.doc
8
-#
9
-ROOT_DIR=../../..
10
-
11
-#
12
-# Validate docbook documents before generating output
13
-# (may be slow)
14
-#
15
-#VALIDATE=1
16
-
17
-#
18
-# You can override the stylesheet used to generate
19
-# xhtml documents here
20
-#
21
-#XHTML_XSL=$(ROOT_DIR)/doc/stylesheets/xhtml.xsl
22
-
23
-#
24
-# You can override the stylesheet used to generate
25
-# plain text documents here
26
-#
27
-#TXT_XSL=$(XHTML_XSL)
28
-
29
-include $(ROOT_DIR)/Makefile.doc
30 0
deleted file mode 100644
... ...
@@ -1,80 +0,0 @@
1
-<?xml version="1.0" encoding="UTF-8"?>
2
-<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 
3
-   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
-
5
-<section id="auth_radius" xmlns:xi="http://www.w3.org/2001/XInclude">
6
-    <sectioninfo>
7
-	<authorgroup>
8
-	    <author>
9
-		<firstname>Jan</firstname>
10
-		<surname>Janak</surname>
11
-		<affiliation><orgname>FhG Fokus</orgname></affiliation>
12
-		<email>jan@iptel.org</email>
13
-	    </author>
14
-	    <author>
15
-		<firstname>Juha</firstname>
16
-		<surname>Heinanen</surname>
17
-		<affiliation><orgname>Song Networks</orgname></affiliation>
18
-		<email>jh@song.fi</email>
19
-	    </author>
20
-	    <author>
21
-		<firstname>Stelios</firstname>
22
-		<surname>Sidiroglou-Douskos</surname>
23
-	    </author>
24
-	</authorgroup>
25
-	<copyright>
26
-	    <year>2002</year>
27
-	    <year>2003</year>
28
-	    <holder>FhG FOKUS</holder>
29
-	</copyright>
30
-	<revhistory>
31
-	    <revision>
32
-		<revnumber>$Revision$</revnumber>
33
-		<date>$Date$</date>
34
-	    </revision>
35
-	</revhistory>
36
-    </sectioninfo>
37
-
38
-    <title>Auth_radius Module</title>
39
-
40
-    <section id="auth_radius.overview">
41
-	<title>Overview</title>
42
-	<para>
43
-	    This module contains functions that are used to perform
44
-	    authentication using a Radius server. Basically the proxy will pass
45
-	    along the credentials to the radius server which will in turn send
46
-	    a reply containing result of the authentication. So basically the
47
-	    whole authentication is done in the Radius server. Before sending
48
-	    the request to the radius server we perform some sanity checks over
49
-	    the credentials to make sure that only well formed credentials will
50
-	    get to the server. We have implemented radius authentication
51
-	    according to draft-sterman-aaa-sip-00. This module requires
52
-	    radiusclient library version 0.5.0 or higher which is available
53
-	    from <ulink
54
-	    url='http://developer.berlios.de/projects/radiusclient-ng/'>
55
-	    http://developer.berlios.de/projects/radiusclient-ng/</ulink>.
56
-	</para>
57
-    </section>
58
-
59
-    <section id="auth_radius.dep">
60
-	<title>Dependencies</title>
61
-	<para>
62
-	    The module depends on the following modules (in the other words the listed modules
63
-	    must be loaded before this module):
64
-	    <itemizedlist>
65
-	    	<listitem>
66
-		    <formalpara>
67
-		        <title>auth</title>
68
-		        <para>
69
-			    Generic authentication functions.
70
-		        </para>
71
-		    </formalpara>
72
-		</listitem>
73
-	    </itemizedlist>
74
-	</para>
75
-    </section>
76
-
77
-    <xi:include href="params.xml"/>
78
-    <xi:include href="functions.xml"/>
79
-    
80
-</section>
81 0
deleted file mode 100644
... ...
@@ -1,110 +0,0 @@
1
-<?xml version="1.0" encoding="UTF-8"?>
2
-<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 
3
-   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
-
5
-<section id="auth_radius.functions" xmlns:xi="http://www.w3.org/2001/XInclude">
6
-    <sectioninfo>
7
-	<revhistory>
8
-	    <revision>
9
-		<revnumber>$Revision$</revnumber>
10
-		<date>$Date$</date>
11
-	    </revision>
12
-	</revhistory>
13
-    </sectioninfo>
14
-
15
-    <title>Functions</title>
16
-    
17
-    <section id="radius_www_authorize">
18
-	<title><function>radius_www_authorize(realm)</function></title>
19
-	<para>
20
-	    The function verifies credentials according to <ulink
21
-		url="http://www.ietf.org/rfc/rfc2617.txt">RFC2617</ulink>. If
22
-	    the credentials are verified successfully then the function
23
-	    will succeed and mark the credentials as authorized (marked
24
-	    credentials can be later used by some other functions). If the
25
-	    function was unable to verify the credentials for some reason
26
-	    then it will fail and the script should call
27
-	    <function>www_challenge</function> which will challenge the
28
-	    user again.
29
-	</para>
30
-	<para>
31
-	    This function will, in fact, perform sanity checks over the
32
-	    received credentials and then pass them along to the radius server
33
-	    which will verify the credentials and return whether they are valid
34
-	    or not.
35
-	</para>
36
-	<para>Meaning of the parameter is as follows:</para>
37
-	<itemizedlist>
38
-	    <listitem>
39
-		<para>
40
-		    <emphasis>realm</emphasis> - Realm is a opaque string that
41
-		    the user agent should present to the user so he can decide
42
-		    what username and password to use. Usually this is domain
43
-		    of the host the server is running on.
44
-		</para>
45
-		<para>
46
-		    If an empty string "" is used then the server will generate
47
-		    it from the request. In case of REGISTER requests To header
48
-		    field domain will be used (because this header field
49
-		    represents a user being registered), for all other messages
50
-		    From header field domain will be used.
51
-		</para>
52
-	    </listitem>
53
-	</itemizedlist>
54
-	<example>
55
-	    <title><function>radius_www_authorize</function> usage</title>
56
-	    <programlisting>
57
-...
58
-if (!radius_www_authorize("iptel.org")) {
59
-    www_challenge("iptel.org", "1");
60
-};
61
-...
62
-	    </programlisting>
63
-	</example>
64
-    </section>
65
-    
66
-    <section id="radius_proxy_authorize">
67
-	<title><function moreinfo="none">radius_proxy_authorize(realm)</function></title>
68
-	<para>
69
-	    The function verifies credentials according to <ulink
70
-		url="http://www.ietf.org/rfc/rfc2617.txt">RFC2617</ulink>. If
71
-	    the credentials are verified successfully then the function
72
-	    will succeed and mark the credentials as authorized (marked
73
-	    credentials can be later used by some other functions). If the
74
-	    function was unable to verify the credentials for some reason
75
-	    then it will fail and the script should call
76
-	    <function>proxy_challenge</function> which will challenge the
77
-	    user again.
78
-	</para>
79
-	<para>
80
-	    This function will, in fact, perform sanity checks over the
81
-	    received credentials and then pass them along to the radius server
82
-	    which will verify the credentials and return whether they are valid
83
-	    or not.
84
-	</para>
85
-	<para>Meaning of the parameter is as follows:</para>
86
-	<itemizedlist>
87
-	    <listitem>
88
-		<para><emphasis>realm</emphasis> - Realm is a opaque string
89
-		    that the user agent should present to the user so he can
90
-		    decide what username and password to use. Usually this is
91
-		    domain of the host the server is running on.
92
-		</para>
93
-		<para>
94
-		    If an empty string "" is used then the server will generate it
95
-		    from the request. From header field domain will be used as realm.
96
-		</para>
97
-	    </listitem>
98
-	</itemizedlist>
99
-	<example>
100
-	    <title>proxy_authorize usage</title>
101
-	    <programlisting>
102
-...
103
-if (!radius_proxy_authorize("")) {
104
-    proxy_challenge("", "1");  # Realm will be autogenerated
105
-};
106
-...
107
-	    </programlisting>
108
-	</example>
109
-    </section>
110
-</section>
111 0
deleted file mode 100644
... ...
@@ -1,76 +0,0 @@
1
-<?xml version="1.0" encoding="UTF-8"?>
2
-<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 
3
-   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
-
5
-<section id="auth_radius.parameters" xmlns:xi="http://www.w3.org/2001/XInclude">
6
-    <sectioninfo>
7
-	<revhistory>
8
-	    <revision>
9
-		<revnumber>$Revision$</revnumber>
10
-		<date>$Date$</date>
11
-	    </revision>
12
-	</revhistory>
13
-    </sectioninfo>
14
-
15
-    <title>Parameters</title>
16
-
17
-    <section id="auth_radius.radius_config">
18
-	<title><varname>radius_config</varname> (string)</title>
19
-	<para>
20
-	    This is the location of the configuration file of radius client
21
-	    libraries.
22
-	</para>
23
-	<para>
24
-	    Default value is "/usr/local/etc/radiusclient/radiusclient.conf".
25
-	</para>
26
-	<example>
27
-	    <title><varname>radius_config</varname> parameter usage</title>
28
-	    <programlisting>
29
-modparam("auth_radius", "radius_config", "/etc/radiusclient.conf")
30
-	    </programlisting>
31
-	</example>
32
-    </section>
33
-
34
-    <section id="auth_radius.service_type">
35
-	<title><varname>service_type</varname> (integer)</title>
36
-	<para>
37
-	    This is the value of the Service-Type radius attribute to be
38
-	    used. The default should be fine for most people. See your radius
39
-	    client include files for numbers to be put in this parameter if you
40
-	    need to change it.
41
-	</para>
42
-	<para>
43
-	    Default value is "15".
44
-	</para>
45
-	<example>
46
-	    <title><varname>service_type</varname> usage</title>
47
-	    <programlisting>
48
-modparam("auth_radius", "service_type", 15)
49
-	    </programlisting>
50
-	</example>
51
-    </section>
52
-
53
-    <section id="auth_radius.use_ruri_flag">
54
-	<title><varname>use_ruri_flag</varname> (integer)</title>
55
-	<para>
56
-	    When this parameter is set to the value other than "-1" and the
57
-	    request being authenticated has flag with matching number set
58
-	    via setflag() function, use Request URI instead of uri parameter
59
-	    value from the Authorization / Proxy-Authorization header field
60
-	    to perform RADIUS authentication.  This is intended to provide
61
-	    workaround for misbehaving NAT / routers / ALGs that alter request
62
-	    in the transit, breaking authentication.  At the time of this
63
-	    writing, certain versions of Linksys WRT54GL are known to do that.
64
-	</para>
65
-	<para>
66
-	    Default value is "-1".
67
-	</para>
68
-	<example>
69
-	    <title><varname>use_ruri_flag</varname> usage</title>
70
-	    <programlisting>
71
-modparam("auth_radius", "use_ruri_flag", 22)
72
-	    </programlisting>
73
-	</example>
74
-    </section>
75
-
76
-</section>
77 0
deleted file mode 100644
... ...
@@ -1,283 +0,0 @@
1
-/* 
2
- * $Id$
3
- *
4
- * Digest Authentication - Radius support
5
- *
6
- * Copyright (C) 2001-2003 FhG Fokus
7
- *
8
- * This file is part of ser, a free SIP server.
9
- *
10
- * ser is free software; you can redistribute it and/or modify
11
- * it under the terms of the GNU General Public License as published by
12
- * the Free Software Foundation; either version 2 of the License, or
13
- * (at your option) any later version
14
- *
15
- * For a license to use the ser software under conditions
16
- * other than those described here, or to purchase support for this
17
- * software, please contact iptel.org by e-mail at the following addresses:
18
- *    info@iptel.org
19
- *
20
- * ser is distributed in the hope that it will be useful,
21
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
22
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23
- * GNU General Public License for more details.
24
- *
25
- * You should have received a copy of the GNU General Public License 
26
- * along with this program; if not, write to the Free Software 
27
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
28
- *
29
- * History:
30
- * -------
31
- * 2003-03-09: Based on digest.c from radius_auth module (janakj)
32
- */
33
-
34
-
35
-#include "../../mem/mem.h"
36
-#include "../../dprint.h"
37
-#include "../auth/api.h"
38
-#include "../../rad_dict.h"
39
-#include "../../usr_avp.h"
40
-#include "../../ut.h"
41
-#include "sterman.h"
42
-#include "authrad_mod.h"
43
-
44
-#include <stdlib.h>
45
-#include <string.h>
46
-
47
-static int add_cisco_vsa(VALUE_PAIR** send, struct sip_msg* msg)
48
-{
49
-	str callid;
50
-
51
-	if (!msg->callid && parse_headers(msg, HDR_CALLID_F, 0) == -1) {
52
-		LOG(L_ERR, "add_cisco_vsa: Cannot parse Call-ID header field\n");
53
-		return -1;
54
-	}
55
-
56
-	if (!msg->callid) {
57
-		LOG(L_ERR, "add_cisco_vsa: Call-ID header field not found\n");
58
-		return -1;
59
-	}
60
-
61
-	callid.len = msg->callid->body.len + 8;
62
-	callid.s = pkg_malloc(callid.len);
63
-	if (callid.s == NULL) {
64
-		LOG(L_ERR, "add_cisco_vsa: No memory left\n");
65
-		return -1;
66
-	}
67
-
68
-	memcpy(callid.s, "call-id=", 8);
69
-	memcpy(callid.s + 8, msg->callid->body.s, msg->callid->body.len);
70
-
71
-	if (rc_avpair_add(rh, send, ATTRID(attrs[A_CISCO_AVPAIR].v), callid.s,
72
-			  callid.len, VENDOR(attrs[A_CISCO_AVPAIR].v)) == 0) {
73
-		LOG(L_ERR, "add_cisco_vsa: Unable to add Cisco-AVPair attribute\n");
74
-		pkg_free(callid.s);
75
-		return -1;
76
-	}
77
-
78
-	pkg_free(callid.s);
79
-	return 0;
80
-}
81
-
82
-
83
-/*
84
- * This function creates and submits radius authentication request as per
85
- * draft-sterman-aaa-sip-00.txt.  In addition, _user parameter is included
86
- * in the request as value of a SER specific attribute type SIP-URI-User,
87
- * which can be be used as a check item in the request.  Service type of
88
- * the request is Authenticate-Only.
89
- */
90
-int radius_authorize_sterman(VALUE_PAIR** received, struct sip_msg* _msg, dig_cred_t* _cred, str* _method, str* _user) 
91
-{
92
-	static char msg[4096];
93
-	VALUE_PAIR *send;
94
-	UINT4 service, ser_service_type;
95
-	str method, user, user_name;
96
-	str *ruri;
97
-	int i;
98
-	
99
-	send = 0;
100
-
101
-	if (!(_cred && _method && _user)) {
102
-		LOG(L_ERR, "radius_authorize_sterman(): Invalid parameter value\n");
103
-		return -1;
104
-	}
105
-
106
-	method = *_method;
107
-	user = *_user;
108
-	
109
-	/*
110
-	 * Add all the user digest parameters according to the qop defined.
111
-	 * Most devices tested only offer support for the simplest digest.
112
-	 */
113
-	if (_cred->username.domain.len) {
114
-	        if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_USER_NAME].v), 
115
-				   _cred->username.whole.s, _cred->username.whole.len, 
116
-			           VENDOR(attrs[A_USER_NAME].v))) {
117
-			LOG(L_ERR, "radius_authorize_sterman(): Unable to add User-Name attribute\n");
118
-			goto err;
119
-		}
120
-	} else {
121
-		user_name.len = _cred->username.user.len + _cred->realm.len + 1;
122
-		user_name.s = pkg_malloc(user_name.len);
123
-		if (!user_name.s) {
124
-			LOG(L_ERR, "radius_authorize_sterman(): No memory left\n");
125
-			return -3;
126
-		}
127
-		memcpy(user_name.s, _cred->username.whole.s, _cred->username.whole.len);
128
-		user_name.s[_cred->username.whole.len] = '@';
129
-		memcpy(user_name.s + _cred->username.whole.len + 1, _cred->realm.s, _cred->realm.len);
130
-		if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_USER_NAME].v), 
131
-				   user_name.s, user_name.len, 
132
-				   VENDOR(attrs[A_USER_NAME].v))) {
133
-			LOG(L_ERR, "sterman(): Unable to add User-Name attribute\n");
134
-			pkg_free(user_name.s);
135
-			goto err;
136
-		}
137
-		pkg_free(user_name.s);
138
-	}
139
-
140
-	if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_DIGEST_USER_NAME].v), 
141
-			   _cred->username.whole.s, _cred->username.whole.len, 
142
-			   VENDOR(attrs[A_DIGEST_USER_NAME].v))) {
143
-		LOG(L_ERR, "sterman(): Unable to add Digest-User-Name attribute\n");
144
-		goto err;
145
-	}
146
-
147
-	if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_DIGEST_REALM].v), 
148
-			   _cred->realm.s, _cred->realm.len, 
149
-			   VENDOR(attrs[A_DIGEST_REALM].v))) {
150
-		LOG(L_ERR, "sterman(): Unable to add Digest-Realm attribute\n");
151
-		goto err;
152
-	}
153
-	if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_DIGEST_NONCE].v), 
154
-			   _cred->nonce.s, _cred->nonce.len, 
155
-			   VENDOR(attrs[A_DIGEST_NONCE].v))) {
156
-		LOG(L_ERR, "sterman(): Unable to add Digest-Nonce attribute\n");
157
-		goto err;
158
-	}
159
-	
160
-	if (use_ruri_flag < 0 || isflagset(_msg, use_ruri_flag) != 1) {
161
-		ruri = &_cred->uri;
162
-	} else {
163
-		ruri = GET_RURI(_msg);
164
-	}
165
-	if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_DIGEST_URI].v), 
166
-			   ruri->s, ruri->len, 
167
-			   VENDOR(attrs[A_DIGEST_URI].v))) {
168
-		LOG(L_ERR, "sterman(): Unable to add Digest-URI attribute\n");
169
-		goto err;
170
-	}
171
-		
172
-	if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_DIGEST_METHOD].v),
173
-			   method.s, method.len, 
174
-			   VENDOR(attrs[A_DIGEST_METHOD].v))) {
175
-	        LOG(L_ERR, "sterman(): Unable to add Digest-Method attribute\n");
176
-		goto err;
177
-	}
178
-	
179
-	/* 
180
-	 * Add the additional authentication fields according to the QOP.
181
-	 */
182
-	if (_cred->qop.qop_parsed == QOP_AUTH) {
183
-		if (!rc_avpair_add(rh, &send, ATTRID(attrs[A_DIGEST_QOP].v), "auth", 4,
184