Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
tbd:db_radius [2009/04/29 19:10] janakj |
tbd:db_radius [2012/03/19 09:05] 85.178.69.42 removed |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Generic RADIUS Driver ====== | + | Hi Joshua, fellow sdutent.:-)It' |
| - | + | ||
| - | **Contact: | + | |
| - | + | ||
| - | ===== Abstract ===== | + | |
| - | The sip-router server contains several modules that can talk to a RADIUS server. We have acc | + | |
| - | module that implements RADIUS accounting (when enabled at compile time), we have auth_radius module | + | |
| - | which implementes digest authentication against | + | |
| - | that can be used to retrieve bits of information from a RADIUS server. All these modules depend on | + | |
| - | a RADIUS client library and these is some portion of code that needs to be duplicated in those modules. | + | |
| - | + | ||
| - | The goal of this task is to develop a generic RADIUS module called db_radius which can be then reused | + | |
| - | from all other RADIUS-modules. Instead of having acc_radius we will simply use acc_db to do RADIUS | + | |
| - | accounting, instead of acc_radius we will use acc_db to perform RADIUS digest authentication, and so | + | |
| - | on. | + | |
| - | + | ||
| - | A RADIUS server is in fact nothing else than a special type of database running on a remote host and | + | |
| - | speaking the RADIUS protocol, thus we can develop a generic RADIUS database driver which will | + | |
| - | convert database operations performed by other sip-router modules through the database abstraction | + | |
| - | layer to RADIUS queries. | + | |
| - | + | ||
| - | ===== State of the Art ===== | + | |
| - | RADIUS related functionality is currently scattered across a number of sip-router modules. We have | + | |
| - | * **acc_radius** for RADIUS based accounting. | + | |
| - | * **auth_radius** for RADIUS based digest authentication. | + | |
| - | * **misc_radius** for miscelanous RADIUS based operations (mostly used to retrieve a set of attributes from the RADIUS server). | + | |
| - | + | ||
| - | All three modules share some parts of RADIUS related code. All the modules have similar parameters, | + | |
| - | for example, they all need to be configured with a path to the configuration file of the radius | + | |
| - | client library. They all need to be provided with the radius attribute dictionary, and so on. | + | |
| - | + | ||
| - | ===== Goals ===== | + | |
| - | The primary goal of this work is to develop a new modules for the sip-router project which will | + | |
| - | translate database queries into RADIUS queries and back. How the request are going to be translated | + | |
| - | will be driven by a plain-text configuration file. Among other things, the configuration file should: | + | |
| - | + | ||
| - | * Map database names to RADIUS servers | + | |
| - | * Specify how to translate database table names to RADIUS query types | + | |
| - | * Specify how to translate names of database columns to RADIUS attributes | + | |
| - | + | ||
| - | The module should support at least the following three types of operations: | + | |
| - | + | ||
| - | ==== Accounting ==== | + | |
| - | Accounting is implemented | + | |
| - | SQL query to add a new accounting record to the database: | + | |
| - | < | + | |
| - | insert into acc server_id, from_uid, to_uid, to_did, from_did... | + | |
| - | </ | + | |
| - | The generic RADIUS driver should translate this query into a RADIUS accounting request as described in | + | |
| - | RFC 2866. | + | |
| - | + | ||
| - | ==== Digest Authentication ==== | + | |
| - | The digest authentication algorithm is implemented in auth_db (which works with database backends) and | + | |
| - | auth_radius (which works with RADIUS only). Our goal here is to make auth_db module work with RADIUS | + | |
| - | and get rid of auth_radius. | + | |
| - | + | ||
| - | The module needs to retrieve the password of the user being authenticated. This done by executing a | + | |
| - | " | + | |
| - | data from credentials table into RADIUS digest authentication queries as decribed RFC 4590. | + | |
| - | + | ||
| - | ==== Get Attributes from RADIUS Server ==== | + | |
| - | Most configuration information in sip-router is stored in form of so called AVPs (attribute-value pairs). | + | |
| - | The AVPs are simple variables which are accessible in routing sections of the configuration file and they | + | |
| - | can be used to store all kinds of information. AVPs are typically stored all kinds of configuration | + | |
| - | for a particular subscriber in the database. Whenever a subscriber makes a call, the server retrieves | + | |
| - | his/her set of AVPs from the database and processes the request based on his/her preferences stored in | + | |
| - | those AVPs. | + | |
| - | + | ||
| - | This is implemented in module avp_db for all kinds of regular databases and in misc_radius for RADIUS. | + | |
| - | Our goal here is to make avp_db module work with RADIUS and get rid of misc_radius module. | + | |
| - | + | ||
| - | ==== Configuration File ==== | + | |
| - | The operation of the module will be driven by a plain-text configuration file. We have taken similar | + | |
| - | approach with the generic LDAP module already. The configuration file of the generic LDAP module | + | |
| - | is used to translate database table names to nodes in the LDAP data tree and also to translate | + | |
| - | database column names to LDAP attributes. The configuration file of the generic LDAP module looks | + | |
| - | roughly like this: | + | |
| - | < | + | |
| - | [connection: | + | |
| - | host=127.0.0.1 | + | |
| - | port=389 | + | |
| - | username=ser | + | |
| - | password=heslo | + | |
| - | + | ||
| - | [table: | + | |
| - | base = " | + | |
| - | field_map = password : (Binary) digestPassword | + | |
| - | field_map = realm : digestRealm | + | |
| - | </ | + | |
| - | We would like to have a similar configuration file also for the generic RADIUS database driver. | + | |
| - | + | ||
| - | ===== Reading List ===== | + | |
| - | - RFC 2865: [[http:// | + | |
| - | ]] | + | |
| - | - RFC 2866: [[http:// | + | |
| - | - RFC 2869: [[http:// | + | |
| - | - RFC 4590: [[http:// | + | |
| - | - Documentation for the following sip-router modules: | + | |
| - | * [[http:// | + | |
| - | * [[http:// | + | |
| - | * [[http:// | + | |
| - | - [[http:// | + | |
