From: Francis Dupont Date: Fri, 22 Aug 2025 21:38:26 +0000 (+0200) Subject: [#3860] Last updates including doc X-Git-Tag: Kea-3.1.2~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b821c5b18db1d64ea8339049398daa008d609d97;p=thirdparty%2Fkea.git [#3860] Last updates including doc --- diff --git a/changelog_unreleased/3860-radius-vendor-attributes b/changelog_unreleased/3860-radius-vendor-attributes new file mode 100644 index 0000000000..df1de76549 --- /dev/null +++ b/changelog_unreleased/3860-radius-vendor-attributes @@ -0,0 +1,5 @@ +[func] fdupont + Added support of RADIUS vendor attributes and integer + translations to the RADIUS hook library for compatibility + with previous versions using the FreeRADIUS client library. + (Gitlab #2860) diff --git a/doc/sphinx/arm/ext-radius.rst b/doc/sphinx/arm/ext-radius.rst index cd8f939f91..6d32aae0a9 100644 --- a/doc/sphinx/arm/ext-radius.rst +++ b/doc/sphinx/arm/ext-radius.rst @@ -226,9 +226,20 @@ At the service level, three sections can be configured: - ``expr`` - is the last of the three ways to specify the attribute content. It specifies an evaluation expression on the DHCP query packet. + - ``vendor`` - since Kea 3.1.2 is the vendor id of the attribute. + It allways contents a string with the vendor name or an integer litteral. Attributes are supported only for the access service. +.. note:: + + Vendor-Specific attribute can be specified in two ways: using a ``raw`` + value which must include the vendor and the vsa data, note that the ``data`` + value is no longer supported sine Kea 3.1.2, and the ``expr`` value + is evaluated to the content of the attribute. The second way was added + by 3.1.2 and allows to specify a vendor attribute which is automatically + embedded into a Vendor-Specific attribute. + - The ``peer-updates`` boolean flag (default ``true``) controls whether lease updates coming from an active High-Availability (HA) partner should result in an accounting request. This may be desirable to remove duplicates if HA @@ -570,6 +581,12 @@ RADIUS dictionary. There are differences: - Must have an associated attribute definition in the dictionary. + * - Attribute and Integer Value name spaces + + - flat name spaces allowing duplicates. + + - since Kea 3.1.2 different name spaces per vendor. + * - Reply-Message Presence in the Kea Logs - Only as part of the aggregated list of attributes in ``RADIUS_AUTHENTICATION_ACCEPTED``, ``RADIUS_ACCESS_CACHE_INSERT``, ``RADIUS_ACCESS_CACHE_GET`` log messages. diff --git a/src/hooks/dhcp/radius/client_attribute.cc b/src/hooks/dhcp/radius/client_attribute.cc index bb77f5e646..b011488be8 100644 --- a/src/hooks/dhcp/radius/client_attribute.cc +++ b/src/hooks/dhcp/radius/client_attribute.cc @@ -49,7 +49,8 @@ Attribute::fromText0(const AttrDefPtr& def, const string& value) { case PW_TYPE_INTEGER: if (!isdigit(value[0])) { IntCstDefPtr ic_def = - AttrDefs::instance().getByName(def->type_, value); + AttrDefs::instance().getByName(def->type_, value, + def->vendor_); if (ic_def) { return (fromInt(def->type_, ic_def->value_)); } diff --git a/src/hooks/dhcp/radius/tests/attribute_unittests.cc b/src/hooks/dhcp/radius/tests/attribute_unittests.cc index ee97ea0d56..b93c47e1dd 100644 --- a/src/hooks/dhcp/radius/tests/attribute_unittests.cc +++ b/src/hooks/dhcp/radius/tests/attribute_unittests.cc @@ -184,7 +184,7 @@ TEST_F(AttributeTest, rawAttrString) { << from_bytes->toText() << " != " << attr->toText(); } -// Verifies integer string attribute. +// Verifies integer attribute. TEST_F(AttributeTest, attrInt) { // Using NAS-Port-Type (61) integer attribute. AttrDefPtr def = AttrDefs::instance().getByType(PW_NAS_PORT_TYPE); @@ -251,6 +251,20 @@ TEST_F(AttributeTest, attrInt) { "the attribute value type must be vsa, not integer"); } +// Verifies vendor integer attribute. +TEST_F(AttributeTest, vendorAttrInt) { + // Attibute. + AttrDefPtr def(new AttrDef(1, "My-Int", PW_TYPE_INTEGER, 2495)); + ASSERT_NO_THROW(AttrDefs::instance().add(def)); + // Integer constant. + IntCstDefPtr cst(new IntCstDef(1, "My-Cst", 144, 2495)); + ASSERT_NO_THROW(AttrDefs::instance().add(cst)); + AttributePtr attr; + ASSERT_NO_THROW(attr = Attribute::fromText(def, "My-Cst")); + ASSERT_TRUE(attr); + EXPECT_EQ("Vendor-Specific=[2495]0x010600000090", attr->toText()); +} + // Verifies IP address attribute. TEST_F(AttributeTest, attrIpAddr) { // Using Framed-IP-Address (8) IP address attribute.