[RADIATOR] missing documentation for VsaTranslationHook and more

Karl Gaissmaier karl.gaissmaier at uni-ulm.de
Tue Sep 5 13:24:04 UTC 2017 

Hi Radiator team,

the documentation for VsaTranslationHook is missing, also the 
documentation for VSA translation in AuthRADIUS.

---------

I'd like to solve the problem of different MAC address representations 
in the Calling-Station-Id attribute (and also other radius attributes), 
coming from different sources from all over the world via RADSEC in the 
eduroam federation.

This makes searching in loggs difficult, sigh.

I can't use VSA vendor and type translations since via the RADSEC clause 
a lot of different Client vendors are proxied to me as IdP. Btw, VSA 
Translation is not (yet) implermented for RADSEC.

I need a generic rewrite ruleset for the different MAC address 
representations and that's what regexps are for, like:

     # strip delimiters
     s/[^a-f0-9]+//ig
     # insert colons
     s/(..)(..)(..)(..)(..)(..)/$1:$2:$3:$4:$5:$6/

similar to RewriteUser.

Bingo, I found VsaTranslationHook, but only in the sources of Client.pm 
and AuthRADIUS.pm and not in the corresponding RADSEC modules, 
AuthRADSEC.pm and ServerRADSEC.pm and also in ServerRADIUS.pm.

You know, AuthRadius.pm and AuthRADSEC.pm are used for forwarding 
packets, Client.pm, ServerRADIUS.pm and ServerRADSEC.pm are all 
receiving clients.

----------------

Btw, the Hook in AuthRADIUS.pm is bound to the condition that 
VsaTranslate is defined, that means I can't use just the Hook alone, 
that's not good.

AuthRADIUS.pm
=============
     if ($host->{VsaTranslateIn})
     {
         Radius::Nas::translateVSAsIn($host->{VsaVendor}, 
$host->{VsaType}, $host->{VsaTranslateIn}, $p);
         $host->runHook('Transplantation', $p, $p, 0) if 
$host->{VsaTranslationHook};
     }

In Client.pm the Hook is called just if it is defined, fine!

Client.pm:
==========
     $self->translateVSAsIn($p) if $self->{VsaTranslateIn};
     $self->runHook('VsaTranslationHook', $p, $p, 0) if 
$self->{VsaTranslationHook};

Please make this logic comparable.


Do you have any other suggestion for the problem of different attribute 
representations coming from the same input channel?


Regards
    Charly

-- 
Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499

More information about the radiator mailing list