Possible bug in !* operator handling?
Marcel De Boer
marcel.de_boer at alcatel-lucent.be
Thu Sep 13 17:35:45 CEST 2007
Hi!
Today I noticed some strange problems on a number of RADIUS users in a
test setup: I have a number of users in MySQL that contain a large number
of attributes that should not occur in the Access-Request (i.e. attributes
with the !* operator). When I tried to authenticate these users, I noticed
that in some cases users were getting authenticated while they should have
been rejected.
Some investigation later, it turned out that after the first row in the
radcheck table that contains a !* operator, all further attributes get
ignored...
I crawled through the code a bit more, and the problem appears to occur on
line 287 of main/valuepair.c. This is in the function paircmp, which
iterates over the list of check items to verify whether the incoming
request matches:
	/*
	 *	Not found, it's not a match.
	 */
	if (auth_item == NULL) {
		/*
		 *	Didn't find it. If we were *trying*
		 *	to not find it, then we succeeded.
		 */
		if (check_item->operator == T_OP_CMP_FALSE)
			return 0;
		else
			return -1;
	}
The 'return 0;' above causes paircmp to exit successfully (accepting the
user) if it could not find the attribute and it should not find the
attribute (because of the !* operator), instead of continuing to see if the
rest of the attributes are correct too.
I've changed the 'return 0;' to a 'continue;', so it does not break the
for loop anymore. This appears to work; is this fix correct, or would this
introduce problems elsewhere?
Gtnx
Marcel
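
The behaviour described in the post, as an added example that is not part of the original message and is not FreeRADIUS code: a simplified model of a check-item loop, run once with the early 'return 0;' and once with 'continue;'. The types, the function names (model_paircmp, run_sample) and the sample attributes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a check-item list; hypothetical types, not FreeRADIUS's own. */
enum op { OP_EQ, OP_CMP_FALSE };            /* OP_CMP_FALSE models the !* operator */
struct pair { const char *attr, *value; enum op op; };

static const struct pair *find(const struct pair *req, size_t n, const char *attr)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(req[i].attr, attr) == 0)
            return &req[i];
    return NULL;
}

/* Returns 0 if the request matches every check item, -1 otherwise.
 * early_return != 0 models the 'return 0;' quoted in the post,
 * early_return == 0 models the proposed 'continue;'. */
int model_paircmp(const struct pair *req, size_t nreq,
                  const struct pair *check, size_t ncheck, int early_return)
{
    for (size_t i = 0; i < ncheck; i++) {
        const struct pair *found = find(req, nreq, check[i].attr);
        if (found == NULL) {
            if (check[i].op != OP_CMP_FALSE)
                return -1;                  /* required attribute is missing */
            if (early_return)
                return 0;                   /* later check items are never evaluated */
            continue;                       /* absent as required, keep checking */
        }
        if (check[i].op == OP_CMP_FALSE ||  /* present but must be absent (model assumption) */
            strcmp(found->value, check[i].value) != 0)
            return -1;
    }
    return 0;
}

/* Constructed sample data: the third check item does not match the request. */
static const struct pair request[] = {
    { "User-Name", "alice", OP_EQ }, { "NAS-Port-Type", "Ethernet", OP_EQ } };
static const struct pair checks[] = {
    { "User-Name", "alice", OP_EQ }, { "Framed-Protocol", "", OP_CMP_FALSE },
    { "NAS-Port-Type", "Wireless", OP_EQ } };

int run_sample(int early_return) { return model_paircmp(request, 2, checks, 3, early_return); }

int main(void)
{
    printf("return 0: %d, continue: %d\n", run_sample(1), run_sample(0));
    return 0;
}
```

With the early return the mismatching NAS-Port-Type item is never compared and the model reports a match (0); with 'continue;' the same input is rejected (-1).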