Weird logic issue...

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Wed Nov 12 16:56:59 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Got a weird condition evaluation issue

elsif(\
("%{Supplicant-Flags}" =~ /^10........$/) || \
(("%{Supplicant-Flags}" == 'notfound') && ("%{Realm}" == 'local') &&
("%{Huntgroup-Name}" != 'auth-proxy') && \
(("%{Service-Type}" == 'Framed-User') || ("%{Service-Type}" ==
'Call-Check'))) \
){

Gets processed as:

++? if ("%{Supplicant-Flags}" == 'notfound')
	expand: %{Supplicant-Flags} ->
? Evaluating ("%{Supplicant-Flags}" == 'notfound') -> FALSE
++? if ("%{Supplicant-Flags}" == 'notfound') -> FALSE
++? if ("%{Supplicant-Flags}" =~ /^.1........$/)
	expand: %{Supplicant-Flags} ->
? Evaluating ("%{Supplicant-Flags}" =~ /^.1........$/) -> FALSE
++? if ("%{Supplicant-Flags}" =~ /^.1........$/) -> FALSE
++? elsif (("%{Supplicant-Flags}" =~ /^10........$/) ||
(("%{Supplicant-Flags}" == 'notfound') && ("%{Realm}" == 'local') &&
("%{Huntgroup-Name}" != 'auth-proxy') && (("%{Service-Type}" ==
'Framed-User') || ("%{Service-Type}" == 'Call-Check')) ))
	expand: %{Supplicant-Flags} ->
?? Evaluating ("%{Supplicant-Flags}" =~ /^10........$/) -> FALSE
	expand: %{Supplicant-Flags} ->
??? Evaluating ("%{Supplicant-Flags}" == 'notfound') -> FALSE
??? Skipping ("%{Realm}" == 'local')
??? Skipping ("%{Huntgroup-Name}" != 'auth-proxy')
???? Skipping ("%{Service-Type}" == 'Framed-User')
???? Skipping ("%{Service-Type}" == 'Call-Check')
++? elsif (("%{Supplicant-Flags}" =~ /^10........$/) ||
(("%{Supplicant-Flags}" == 'notfound') && ("%{Realm}" == 'local') &&
("%{Huntgroup-Name}" != 'auth-proxy') && (("%{Service-Type}" ==
'Framed-User') || ("%{Service-Type}" == 'Call-Check')) )) -> TRUE

So the first condition:
("%{Supplicant-Flags}" =~ /^10........$/)

returns false

Instead of processing the rest of the conditions FR skips the rest of
the conditions and returns true for the entire condition...

Interestingly if you take out the nested:

(("%{Service-Type}" == 'Framed-User') || ("%{Service-Type}" ==
'Call-Check'))

Condition and replace it with:

("%{Service-Type}" == 'Framed-User')

All is well.

So only happens with multiple levels of nesting. This has been a bug
since at least version 2.0.4.

Thanks,
Arran
- --
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkka/MsACgkQcaklux5oVKI5DQCfVWJqHf8uOWsVqEKHWPZpFHvc
FlcAn14qXPIwsHOOme+q7jT7cNqy9TkK
=JXk/
-----END PGP SIGNATURE-----



More information about the Freeradius-Users mailing list