# HG changeset patch # User Sebastien Decugis # Date 1273475082 -32400 # Node ID e11a9f90a65a85e13b07ea2fd8744af7800b64d7 # Parent d4c9fb55ca3ac806925610c946ebe5b871013b0b Do not send STR if the auth server sent NO_STATE_MAINTAINED diff -r d4c9fb55ca3a -r e11a9f90a65a extensions/app_radgw/rgwx_acct.c --- a/extensions/app_radgw/rgwx_acct.c Mon May 10 15:45:17 2010 +0900 +++ b/extensions/app_radgw/rgwx_acct.c Mon May 10 16:04:42 2010 +0900 @@ -1087,7 +1087,9 @@ memset(st, 0, sizeof(struct sess_state)); memcpy(&st->req_auth, &rad_req->hdr->authenticator[0], 16); st->auth_appl = auth_appl; - st->send_str = send_str; + if (auth_appl) { /* We use the value 0 for servers which indicated NO STATE MAINTAINED, hence have no need for STR */ + st->send_str = send_str; + } st->term_cause = str_cause; CHECK_FCT( fd_sess_state_store( cs->sess_hdl, session, &st ) ); } diff -r d4c9fb55ca3a -r e11a9f90a65a extensions/app_radgw/rgwx_auth.c --- a/extensions/app_radgw/rgwx_auth.c Mon May 10 15:45:17 2010 +0900 +++ b/extensions/app_radgw/rgwx_auth.c Mon May 10 16:04:42 2010 +0900 @@ -49,6 +49,7 @@ #define ACV_ART_AUTHORIZE_AUTHENTICATE 3 /* AUTHORIZE_AUTHENTICATE */ #define ACV_OAP_RADIUS 1 /* RADIUS */ #define ACV_ASS_STATE_MAINTAINED 0 /* STATE_MAINTAINED */ +#define ACV_ASS_NO_STATE_MAINTAINED 1 /* NO_STATE_MAINTAINED */ #define ER_DIAMETER_MULTI_ROUND_AUTH 1001 #define ER_DIAMETER_LIMITED_SUCCESS 2002 @@ -919,6 +920,7 @@ struct avp_hdr *ahdr, *sid, *oh; char buf[254]; /* to store some attributes values (with final '\0') */ int ta_set = 0; + int no_str = 0; /* indicate if an STR is required for this server */ uint8_t tuntag = 0; unsigned char * req_auth = NULL; @@ -1047,7 +1049,7 @@ } CONV2RAD_STR(RADIUS_ATTR_STATE, buf, strlen(buf), 0); } - /* The RFC text says that this should always be the case, but it seems odd... */ + if ((*rad_fw)->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) { /* Add the Session-Id */ if (sizeof(buf) < snprintf(buf, sizeof(buf), "Diameter/%.*s", @@ -1055,14 +1057,6 @@ TRACE_DEBUG(INFO, "Data truncated in Class attribute: %s", buf); } CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, strlen(buf), 0); - - /* Add the auth-application-id required for STR */ - CHECK_FCT( fd_msg_hdr( *diam_ans, &hdr ) ); - if (sizeof(buf) < snprintf(buf, sizeof(buf), CLASS_AAI_PREFIX "%u", - hdr->msg_appl)) { - TRACE_DEBUG(INFO, "Data truncated in Class attribute: %s", buf); - } - CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, strlen(buf), 0); } /* Unlink the Origin-Realm now; the others are unlinked at the end of this function */ @@ -1206,6 +1200,10 @@ if ((!ta_set) && (ahdr->avp_value->u32 == ACV_ASS_STATE_MAINTAINED)) { CONV2RAD_32B( RADIUS_ATTR_TERMINATION_ACTION, RADIUS_TERMINATION_ACTION_RADIUS_REQUEST ); } + + if (ahdr->avp_value->u32 == ACV_ASS_NO_STATE_MAINTAINED) { + no_str = 1; + } break; /* Authorization-Lifetime already handled */ @@ -1668,6 +1666,16 @@ CHECK_FCT( fd_msg_free( aoh ) ); free(req_auth); + if ((*rad_fw)->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) { + /* Add the auth-application-id required for STR, or 0 if no STR is required */ + CHECK_FCT( fd_msg_hdr( *diam_ans, &hdr ) ); + if (sizeof(buf) < snprintf(buf, sizeof(buf), CLASS_AAI_PREFIX "%u", + no_str ? 0 : hdr->msg_appl)) { + TRACE_DEBUG(INFO, "Data truncated in Class attribute: %s", buf); + } + CONV2RAD_STR(RADIUS_ATTR_CLASS, buf, strlen(buf), 0); + } + return 0; }