In auth request packet, Stripped-User-Name attribute value wrongly rewritten by radius server

Adarsha S s.adarsha at gmail.com
Thu Apr 10 13:10:38 CEST 2014 

Hi Alan,
I'm resending the  mail as previously it  excessed the message size limit
I've attached the truncated log in this mail.
Please let me know your inputs.

Thanks,
Adarsha

On Wed, Apr 9, 2014 at 11:55 AM, Adarsha S <s.adarsha at gmail.com> wrote:

> Hi Alan,
>
> I did upgrade my free radius to 2.2.4 but still the issue persist.
> I've attached the log of the same.
>
> On looking at code flow could make out while creating the new attribute
> (stripped-user-name), " '\\' 't' " is replaced as '\t'.
> As a fix I've made below changes.
>
> *File :* src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c
> *Function:* do_attr_rewrite()
> *RCA :* While paring attribute with value ,value is formatted and then
> paired. During formation " \\t " is replaced by " \t "
> *Fix:* Before paring attribute with value, convert the value to printable
> formate and then send it for paring.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *@@ -180,7 +184,17 @@                        DEBUG2("%s: xlat on replace
> string failed.", data->name);                         return ret;
>       }-               attr_vp =
> pairmake(data->attribute,replace_STR,0);++//             attr_vp =
> pairmake(data->attribute,replace_STR,0);+               lent =
> fr_print_string(replace_STR, +                                0,+
>                      modified_replace_STR, sizeof(modified_replace_STR));+
>               modified_replace_STR[lent] = '\0';++               attr_vp =
> pairmake(data->attribute,modified_replace_STR,0); +                if
> (attr_vp == NULL){                        DEBUG2("%s: Could not add new
> attribute %s with value '%s'", data->name,
> data->attribute,replace_STR);*
>
> Pleaseguide me in understanding if this fix will create problem in any
> other scenarios.
>
> Thanks,
> Adarsha
>
>
>
>
>
>
> On Tue, Apr 8, 2014 at 2:37 AM, Alan DeKok <aland at deployingradius.com>wrote:
>
>> Adarsha S wrote:
>> > I'm having a setup where clients get authenticated by Windows AD 2003
>> server.
>> > It uses stripped-user-name attribute.
>> > I'm having free radius 2.1.12 as the radius server.
>> > The username are provided as DomainName\Username.
>> > Various combination of Domain name and user name worked but when ever
>> > the username starts with "t" or "n" the authentication failed.
>>
>>   Upgrade.  IIRC this issue was fixed.
>>
>>   The latest release is 2.2.4.  You're running a version which is many
>> years out of date.
>>
>>   Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140410/195f83a3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UPGARDED_RADIUS_TO_2.2.4
Type: application/octet-stream
Size: 4209 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140410/195f83a3/attachment.obj>

More information about the Freeradius-Users mailing list