General purpose radius-request authentication function

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

General purpose radius-request authentication function

Alex Massover

Hi!

 

I'm looking for general purpose radius function to authenticate calls without digest authentication. For example in the following scenario:

 

PSTN-GWàOpenSIPSàsoftphone

 

when softphone is registered in OpenSIPS registrar, I need a single radius function able to pass to authentication server both source and destination numbers (let's say RURI and From URI). For example I want to pass only sertain combinations of src and dest and block anothers.

 

The problem with avp_load_radius() is that it's able to pass either caller or callee, but not both at once, and radius_proxy_authorize() always do digest authentication.

 

If radius_is_user_in(URI,group) would be able to pass two URIs like this: radius_is_user_in(R-URI,From-URI,group) it will be perfect.

 

Does anybody know any workaround?

 

--

Best Regards,

Alex Massover

.

 



This mail was sent via Mail-SeCure System.


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: General purpose radius-request authentication function

DanB-2
Hi Alex,

not sure whether it will completely cover your scenario, but I have
already submitted a feature-request on the tracker for avp_load_radius()
to be able to support other options than callee and called ones.

http://sourceforge.net/tracker/index.php?func=detail&aid=2171028&group_id=232389&atid=1086413

Cheers,
DanB


On Sun, 2009-02-01 at 11:20 +0200, Alex Massover wrote:
> radius_is_user_in(URI,group) would be able to pass two URIs like this:
> radius_is_user_in(R-URI,From-URI,group) it will be perfect.
>


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: General purpose radius-request authentication function

Bogdan-Andrei Iancu
In reply to this post by Alex Massover
Hi Alex,

you have a point here - opposite to DB, the RADIUS support is quite
inflexible - available queries are specificly designed for particular cases.

Maybe for the future we can enhance one of the existing functions (maybe
avp_load_radius()) to be able to get optional parameters and to return  
a set of values (not only one)....

Regards,
Bogdan

Alex Massover wrote:

>
> Hi!
>
>  
>
> I'm looking for general purpose radius function to authenticate calls
> without digest authentication. For example in the following scenario:
>
>  
>
> PSTN-GWàOpenSIPSàsoftphone
>
>  
>
> when softphone is registered in OpenSIPS registrar, I need a single
> radius function able to pass to authentication server both source and
> destination numbers (let's say RURI and From URI). For example I want
> to pass only sertain combinations of src and dest and block anothers.
>
>  
>
> The problem with avp_load_radius() is that it's able to pass either
> caller or callee, but not both at once, and radius_proxy_authorize()
> always do digest authentication.
>
>  
>
> If radius_is_user_in(URI,group) would be able to pass two URIs like
> this: radius_is_user_in(R-URI,From-URI,group) it will be perfect.
>
>  
>
> Does anybody know any workaround?
>
>  
>
> --
>
> Best Regards,
>
> Alex Massover
>
> .
>
>  
>
>
>
> This mail was sent via Mail-SeCure System.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>  


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users