attr_filter segfault

Alexander Clouter alex at digriz.org.uk
Wed Aug 19 20:36:01 CEST 2009 

Hi,

Only me...again doing things I probably should not do with FreeRADIUS.

The new config file I'm working on makes use of all the virtual 
server bits more throughier, a lot of my existing setup is in the 
non-virtual server setup.

What I'm doing is having all the authentication handled by an inner 
virtual server (shown below) whilst the authorisation is handled by the 
server that proxied the request to 'auth'.  This is to handle both MAC 
auth and EAP-TTLS request.

I was trying to put in some sneaky LDAP avoiding shortcuts (I do not 
want to make any LDAP lookups until EAP is out the way, we use 
eDirectory's Universal Password so we use the LDAP module to extract the 
plaintext password) which speeds up the whole authentication.

So I decided to slap in unwisely placed 'handled' and the attr_filter on 
the proxying server (in post-proxy) exploded.  The backtrace is below 
and I also slipped in a 'detail' and can see that the attribute value is 
pretty borked for 'Freeradius-Proxied-To'.

Now, I know what I have done is wrong, terrible and should not be done, 
however these things possibly point to other proper corner cases where 
FreeRADIUS could explode with a safe driver at the wheel :)

It all works fine though if I comment out the whole of the first 'if' 
statement block and remove the comments for the opening/closing/eap of 
the second lot.

If you need any more, you know who to pester :)

Cheers

----
server auth {
        authorize {
                if ( EAP-Message ) {
                        eap
                        handled
                }
#               if ( !EAP-Message ) {
                        # we cannot have 'suffix' here as it makes the
                        # virtual server (and the modules) think things
                        # are going to get proxied and so PAP gives NOOP
                        #
                        # this would be unneeded if we could use
                        # 'eduPersonPrincipalName' in the ldap module :(
                        if ( User-Name =~ /^(.*)@.*$/ ) {
                                update request {
                                        Stripped-User-Name := "%{1}"
                                }
                        }

                        ldap_auth
                        pap
                        chap
                        mschap
#               }

#		eap
}
----

----
>>> Sending proxied request internally to virtual server.
server auth {
+- entering group authorize {...}
++? if (EAP-Message )
? Evaluating (EAP-Message ) -> TRUE
++? if (EAP-Message ) -> TRUE
++- entering if (EAP-Message ) {...}
[eap] EAP packet type response id 0 length 16
[eap] No EAP Start, assuming it's an on-going EAP conversation
+++[eap] returns updated
+++[handled] returns handled
++- if (EAP-Message ) returns handled
} # server auth
Going to the next request
<<< Received proxied response code 0 from internal virtual server.
+- entering group post-proxy {...}
[detail]        expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/212.219.138.68/detail-20090819
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/212.219.138.68/detail-20090819
[detail]        expand: %t -> Wed Aug 19 19:18:24 2009
[detail] Freeradius-Proxied-To = px?M???
++[detail] returns ok
[attr_filter.post-proxy]        expand: %{Realm} -> soas.ac.uk
 attr_filter: Matched entry DEFAULT at line 103

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f93458daae0 (LWP 6411)]
0x00007f9340ac8cd0 in attr_filter_common (instance=<value optimized out>, request=0x146bb30, input=0x68)
    at rlm_attr_filter.c:255
255                     for (vp = *input; vp != NULL; vp = vp->next ) {(gdb) where
#0  0x00007f9340ac8cd0 in attr_filter_common (instance=<value optimized out>, request=0x146bb30, input=0x68)
    at rlm_attr_filter.c:255
#1  0x0000000000416399 in modcall (component=6, c=<value optimized out>, request=0x146bb30) at modcall.c:292
#2  0x00000000004137c6 in indexed_modcall (comp=6, idx=<value optimized out>, request=0x146bb30) at modules.c:637
#3  0x000000000041cd3b in process_proxy_reply (request=0x146bb30) at event.c:1718
#4  0x000000000042080d in proxy_to_virtual_server (request=0x146bb30) at event.c:1966
#5  0x0000000000420318 in request_post_handler (request=0x146bb30) at event.c:2236
#6  0x000000000042064d in radius_handle_request (request=0x146bb30, fun=0x7f93400b9d60 <rad_authenticate>)
    at event.c:3740
#7  0x000000000041877d in thread_pool_addrequest (request=0x1, fun=0x7fff4d8e5620) at threads.c:824
#8  0x000000000041d2ce in event_socket_handler (xel=<value optimized out>, fd=<value optimized out>, 
    ctx=<value optimized out>) at event.c:3358
#9  0x00007f93454c34ab in fr_event_loop (el=0x1461000) at event.c:400
#10 0x0000000000416ee7 in main (argc=2, argv=0x7fff4d8e85b8) at radiusd.c:398
(gdb) 
----

----
Wed Aug 19 19:18:24 2009
        User-Name = "@soas.ac.uk"
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020000100140736f61732e61632e756b
        Message-Authenticator = 0x64f373450d92f42a9cff9c50c9a062c9
        Stripped-User-Name = "020000000001"
        Realm = "soas.ac.uk"
        Module-Failure-Message = "rlm_ldap: User not found"
        Realm = "soas.ac.uk"
        Freeradius-Proxied-To = px???M???
        Timestamp = 1250705904
        Request-Authenticator = Verified
----

-- 
Alexander Clouter
.sigmonster says: We have met the enemy, and he is us.
                  		-- Walt Kelly

More information about the Freeradius-Users mailing list