a.cudbardb at freeradius.org
Wed Mar 4 02:04:08 CET 2015
> On 3 Mar 2015, at 19:02, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> We have a set of NAS's that are at the end of an unreliable (GSM) connection managed by a third party. Sometimes the AuthN requests are sent to us malformed - like you'd see if the shared secret is correct, except it can't be because well formed requests are interspersed with malformed ones, seconds apart with the same source and destination servers.
> Unfortunately the user name is almost always intact, so the request is valid enough to be processed and, eventually lockout the afflicted user's account.
> While the vendor tries to fix their problem so this doesn't happen, I need to filter out the malformed requests.
> I can do this by writing a regex to bin any requests that contain any unprintable characters (as FreeRADIUS does using fr_utf8_char()), but before I sit down and try and figure that out is there a better way to do this?
> Is the check done by FreeRADIUS for unprintable characters available to unlang (or if not, would this be easy to expose)?
Use rlm_utf8. It will check all the string attributes in the request to make sure they only contain valid UTF8 chars.
If you want to only allow ranges of chars, you'll need a regex.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users