ldap_pairget fix
Markus Krause
krause at biochem.mpg.de
Wed Jan 11 18:10:21 CET 2006
Quoting Nicolas Baradakis <nbk at sitadelle.com>:
> Markus Krause wrote:
> > so it looks good for the attribute "Filter-Id"/"radiusFilterID"!
>
> Indeed. According to the bug report, old code would have returned
> Filter-Id = "foo" therefore the patch doesn't truncate the value
> anymore.
>
> > let me know if i can do some more testing!
>
> Please try the other examples posted to the bugzilla: with an operator,
> with quotes, with back-quotes, etc.
>
> http://bugs.freeradius.org/show_bug.cgi?id=261
ok, here you are:
first a table with the ldap values (i added some more or less "sensible"
variations just out of curiosity) for the user names, together with the reply
by freeradius (details see below):
username    | radiusFilterId       | reply
------------+----------------------+--------------------------
testuser3   | foo bar              | Filter-Id = "foo bar"
testuser4   | foo_bar              | Filter-Id = "foo_bar"
testuser5   | "foo bar"            | Filter-Id = "foo bar"
testuser6   | "foo"bar             | Filter-Id = ""foo"bar"
testuser7   | `Hello %{User-Name}` | (Segmentation fault)
testuser8   | += foo bar           | Filter-Id = "foo bar"
testuser9   | += 'foo bar'         | Filter-Id = "foo bar"
testuser10  | += 'foo ba'r         | Filter-Id = "'foo ba'r"
testuser11  | `Hello foo bar`      | (Segmentation fault)
testuser12  | "foo"bar"            | Filter-Id = "foo"
testuser13  | ""foo bar""          |
testuser14  | += ""foo bar""       |
testuser15  | ""foo"bar""          |
testuser16  | += ""foo"bar""       |
testuser17  | += "foo"bar          | Filter-Id = ""foo"bar"
testuser18  | += ""foo"bar"        |
testuser19  | foo"bar              | Filter-Id = "foo"bar"
testuser20  | foo""bar             | Filter-Id = "foo""bar"
testuser21  | foo`bar              | Filter-Id = "foo`bar"
it seems that two back-quotes "`" cause a segmentation fault, but one does not.
in addition, with three separate quotes " the string is truncated (see
testuser12), and two times two quotes as a pair "" show nothing ..
actually i do not know if these values make sense (but i also do not understand
what use an operator could be in a single value ldap attribute
(radiusFilterId) either). as i said before, i am not a radius expert, just using
it ;-)
so now for radtest answers:
User-Name = "testuser4"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=153, length=29
Filter-Id = "foo_bar"
atlas:~# radtest testuser5 secret localhost 0 testing123
Sending Access-Request of id 157 to 127.0.0.1 port 1812
User-Name = "testuser5"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=157, length=29
Filter-Id = "foo bar"
atlas:~# radtest testuser6 secret localhost 0 testing123
Sending Access-Request of id 162 to 127.0.0.1 port 1812
User-Name = "testuser6"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=162, length=30
Filter-Id = ""foo"bar"
atlas:~# radtest testuser7 secret localhost 0 testing123
here freeradius does a segmentation fault! the problem seems to be the
back-quotes "`". the debug output of "freeradius -X" :
Finished request 3
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 153 with timestamp 43c53288
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 157 with timestamp 43c5328b
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32795, id=166, length=61
User-Name = "testuser7"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
modcall[authorize]: module "files" returns notfound for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser7
radius_xlat: '(uid=testuser7)'
radius_xlat: 'dc=mogli,dc=de'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mogli,dc=de, with filter (uid=testuser7)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
Segmentation fault
atlas:~#
now the next:
atlas:~# radtest testuser8 secret localhost 0 testing123
Sending Access-Request of id 253 to 127.0.0.1 port 1812
User-Name = "testuser8"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=253, length=29
Filter-Id = "foo bar"
atlas:~# radtest testuser9 secret localhost 0 testing123
Sending Access-Request of id 2 to 127.0.0.1 port 1812
User-Name = "testuser9"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=2, length=29
Filter-Id = "foo bar"
atlas:~# radtest testuser10 secret localhost 0 testing123
Sending Access-Request of id 6 to 127.0.0.1 port 1812
User-Name = "testuser10"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=6, length=31
Filter-Id = "'foo ba'r"
atlas:~# radtest testuser11 secret localhost 0 testing123
testuser11 again has back-quotes in the radiusFilterId, and again freeradius
segfaults! (same output like above with testuser7, so i do not repeat the debug
output, it looks the same).
now for the rest:
atlas:~# radtest testuser12 secret localhost 0 testing123
Sending Access-Request of id 109 to 127.0.0.1 port 1812
User-Name = "testuser12"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=109, length=25
Filter-Id = "foo"
atlas:~# radtest testuser13 secret localhost 0 testing123
Sending Access-Request of id 113 to 127.0.0.1 port 1812
User-Name = "testuser13"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=113, length=20
atlas:~# radtest testuser14 secret localhost 0 testing123
Sending Access-Request of id 118 to 127.0.0.1 port 1812
User-Name = "testuser14"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=118, length=20
atlas:~# radtest testuser15 secret localhost 0 testing123
Sending Access-Request of id 123 to 127.0.0.1 port 1812
User-Name = "testuser15"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=123, length=20
atlas:~# radtest testuser16 secret localhost 0 testing123
Sending Access-Request of id 127 to 127.0.0.1 port 1812
User-Name = "testuser16"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=127, length=20
atlas:~# radtest testuser17 secret localhost 0 testing123
Sending Access-Request of id 132 to 127.0.0.1 port 1812
User-Name = "testuser17"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=132, length=30
Filter-Id = ""foo"bar"
atlas:~# radtest testuser18 secret localhost 0 testing123
Sending Access-Request of id 136 to 127.0.0.1 port 1812
User-Name = "testuser18"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=20
atlas:~# radtest testuser19 secret localhost 0 testing123
Sending Access-Request of id 141 to 127.0.0.1 port 1812
User-Name = "testuser19"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=141, length=29
Filter-Id = "foo"bar"
atlas:~# radtest testuser20 secret localhost 0 testing123
Sending Access-Request of id 145 to 127.0.0.1 port 1812
User-Name = "testuser20"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145, length=30
Filter-Id = "foo""bar"
atlas:~# radtest testuser21 secret localhost 0 testing123
Sending Access-Request of id 150 to 127.0.0.1 port 1812
User-Name = "testuser21"
User-Password = "secret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=150, length=29
Filter-Id = "foo`bar"
atlas:~#
what to test next? ;-)
regards
markus
--
Markus Krause email: krause at biochem.mpg.de
Computing Center Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
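
The manual radtest run above can be scripted for regression testing. The following is an added example, not part of the original post or of FreeRADIUS: it parses a radtest session, classifies each user's outcome, and cross-checks the printed Filter-Id against the packet length (20-byte RADIUS header plus a 2-byte attribute header). It assumes Filter-Id is the only reply attribute, as in the test setup above, and that radtest prints the value unescaped; the sample session is constructed.

```python
import re

RADIUS_HEADER = 20  # code(1) + id(1) + length(2) + authenticator(16)
ATTR_HEADER = 2     # attribute type(1) + attribute length(1)

# Constructed sample in the format of the radtest sessions in the post.
SAMPLE = '''\
atlas:~# radtest testuser6 secret localhost 0 testing123
Sending Access-Request of id 162 to 127.0.0.1 port 1812
        User-Name = "testuser6"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=162, length=30
        Filter-Id = ""foo"bar"
atlas:~# radtest testuser7 secret localhost 0 testing123
Sending Access-Request of id 166 to 127.0.0.1 port 1812
        User-Name = "testuser7"
atlas:~# radtest testuser13 secret localhost 0 testing123
Sending Access-Request of id 113 to 127.0.0.1 port 1812
        User-Name = "testuser13"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=113, length=20
atlas:~#
'''

CMD = re.compile(r"radtest (\S+) ")
RECV = re.compile(r"rad_recv: \S+ packet .*length=(\d+)")
FILTER = re.compile(r'^\s*Filter-Id = "(.*)"\s*$')

def parse_session(text):
    """Map each tested user to its outcome, reply value and a length check."""
    results, cur = {}, None
    for line in text.splitlines():
        if m := CMD.search(line):
            # New test case; stays "no-response" if the server never answers.
            cur = results[m.group(1)] = {
                "outcome": "no-response", "value": None, "pkt_len": None}
        elif cur is None:
            continue
        elif m := RECV.search(line):
            cur.update(outcome="empty-reply", pkt_len=int(m.group(1)))
        elif (m := FILTER.match(line)) and cur["pkt_len"] is not None:
            # Greedy match keeps inner quotes: ""foo"bar" -> "foo"bar
            cur.update(outcome="reply", value=m.group(1))
    for r in results.values():
        if r["pkt_len"] is not None:
            attr = 0 if r["value"] is None else ATTR_HEADER + len(r["value"].encode())
            r["length_ok"] = r["pkt_len"] == RADIUS_HEADER + attr
    return results

if __name__ == "__main__":
    for user, r in parse_session(SAMPLE).items():
        print(user, r)
```

The length check settles how to read ambiguous output such as Filter-Id = ""foo"bar": the 30-byte packet confirms the value on the wire is the 8-byte string "foo"bar, outer quotes added only by the printer.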