segfault with regex and hint

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Wed Aug 19 00:23:23 CEST 2009 

Hello!

You using ProCurve NAS then? Or have other people started using
Service-Type = 'Call-Check' to hint at Mac-Auth?

-Arran
>
> Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
>   
>>> It's that time of year to overhaul the cesspool that makes up my 
>>> FreeRADIUS config files.
>>>
>>> I am running FreeRADIUS from git[1] about two days ago and found that by 
>>> putting the following in my 'hints' file gives me the segfault shown 
>>> below[2].  If I remove the end bit[3] then I do not get the segfault, 
>>> but then I also do not get my comparison :)
>>>       
>> you are doing 2 seperate comparisons for the one attribute. is that correct/allowed?
>>
>>     
> /me shrugs
>
> I'm just here to report bugs :)
>
> For mac-auth detection I just moved to a policy, so I really do not care 
> if the bug gets fixed or not[1].  I can imagine cases where people want 
> to 
> use the hints file to 'sanitise' incoming RADIUS packets though in a 
> neat one-liner that keeps it out of the virtual host stanza for example:
>
> ----
> DEFAULT Calling-Station-Id =~ "/^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$/i"
> 	Calling-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
> ----
>
> For any who is curious/cares for the archives, I use the following 
> policy:
> ----
> mac_auth {
>   if ( Realm == NULL && !EAP-Message && NAS-Port-Type == "Ethernet" \
>           && Service-Type == Call-Check \
>           && Stripped-User-Name == "%{User-Password}" \
>           && Stripped-User-Name =~ /^[0-9a-f]{12}$/i \
>           && Calling-Station-Id =~ /^([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2}).?([0-9a-f]{2})$/i \
>           && Stripped-User-Name =~ /^%{1}%{2}%{3}%{4}%{5}%{6}$/i ) {
>     ok
>   }
>   else {
>     notfound
>   }
> }
> ----
>
> Cheers
>
> [1] although I guess having a "hey lets copy from address 0x0" path in 
> 	FreeRADIUS is probably considered bad style :)
>
>   


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090818/2614ff9f/attachment.pgp>

More information about the Freeradius-Users mailing list