Reject username contains newline character

Jorge Pereira jpereira at freeradius.org
Wed Feb 19 00:00:57 CET 2020


Hi Peter,

Weird, because your code looks good. Btw, I’ve tried here with success.

My request.

Sent Access-Request Id 122 from 0.0.0.0:64100 to 127.0.0.1:1812 length 44
	User-Name = "bob\n"
	User-Password = "hello"
	Cleartext-Password = "hello"
Received Access-Reject Id 122 from 127.0.0.1:1812 to 127.0.0.1:64100 length 52
	Reply-Message = "Rejected: Realm ends with a CR"
(0) -: Expected Access-Accept got Access-Reject

Output

Tue Feb 18 19:53:33 2020 : Debug: (0)   authorize {
Tue Feb 18 19:53:33 2020 : Debug: (0)     if (&User-Name =~ /\n$/)  {
Tue Feb 18 19:53:33 2020 : Debug: (0)     if (&User-Name =~ /\n$/)   -> TRUE
Tue Feb 18 19:53:33 2020 : Debug: (0)     if (&User-Name =~ /\n$/)   {
Tue Feb 18 19:53:33 2020 : Debug: (0)       update reply {
Tue Feb 18 19:53:33 2020 : Debug: (0)         &Reply-Message += 'Rejected: Realm ends with a CR'
Tue Feb 18 19:53:33 2020 : Debug: (0)       } # update reply = noop
Tue Feb 18 19:53:33 2020 : Debug: (0)       modsingle[authorize]: calling reject (rlm_always)
Tue Feb 18 19:53:33 2020 : Debug: (0)       modsingle[authorize]: returned from reject (rlm_always)
Tue Feb 18 19:53:33 2020 : Debug: (0)       [reject] = reject
Tue Feb 18 19:53:33 2020 : Debug: (0)     } # if (&User-Name =~ /\n$/)   = reject
Tue Feb 18 19:53:33 2020 : Debug: (0)   } # authorize = reject

I noticed that you’re running version 3.0.16. Therefore, feel free to use the latest 3.0.19. Btw, you can find official packages at http://packages.networkradius.com/

--
Jorge Pereira
jpereira at freeradius.org





> On 18 Feb 2020, at 11:11, Peter Balsianok <balsianok.peter at gmail.com> wrote:
> 
> Hi all,
> 
> I have tried to create an unlang piece of code to reject a username which
> contains a newline character at the end.
> 
> Here is my unlang code
> 
> if (&User-Name =~ /\n$/)  {
>    update reply {
>      &Reply-Message += 'Rejected: Realm ends with a CR'
>    }
>    reject
>  }
> 
> But this code doesn't work.
> 
> Here is fragment of the debug messages:
> 
> FreeRADIUS Version 3.0.16
> Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License
> For more information about these matters, see the file named COPYRIGHT
> Starting - reading configuration files ...
> ...
> Listening on command file /app/radius/conf/auth-test/control.socket
> Listening on auth address * port 10812 bound to server default
> Listening on auth address * port 10645 bound to server default
> Listening on status address 127.0.0.1 port 18122 bound to server status
> Listening on proxy address * port 58927
> Ready to process requests
> (0) Received Access-Request Id 243 from 127.0.0.1:55698 to 127.0.0.1:10812
> length 341
> (0)   User-Name = "m0457 at vseazd.sk\n"
> (0)   User-Password = "17395939451966"
> (0)   Service-Type = Framed-User
> (0)   Framed-Protocol = PPP
> (0)   NAS-Identifier = "N-101-BA-BAS-11"
> (0)   NAS-Port = 2432775760
> (0)   NAS-Port-Type = Virtual
> (0)   NAS-Port-Id = "L2TP LNS 79440"
> (0)   Event-Timestamp = "Mar  6 2017 14:16:15 CET"
> (0)   NAS-IP-Address = 213.151.237.212
> (0) # Executing section authorize from file
> /app/radius/conf/auth-test/sites-enabled/default
> (0)   authorize {
> (0)     policy filter_username {
> (0)       if (&User-Name =~ /\n$/)  {
> (0)       if (&User-Name =~ /\n$/)   -> FALSE
> (0)     } # policy filter_username = notfound
> 
> Could you please help me? Thank you very much.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



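An added example, not part of the original thread and not FreeRADIUS code: Python that rebuilds the Access-Request from the client trace above (Id 122, User-Name and User-Password) and inspects the User-Name bytes as they appear on the wire. It shows that the reported length 44 corresponds to a single LF byte (0x0a) after `bob`, whereas a name ending in the two characters backslash and `n` gives 45 and contains no control byte. The function names, the zeroed authenticator and the zeroed 16-byte User-Password value are constructed for illustration.

```python
import struct

USER_NAME = 1        # RFC 2865 attribute types
USER_PASSWORD = 2

def build_access_request(ident, attrs):
    """Build an Access-Request (code 1) from (type, value-bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    authenticator = bytes(16)  # constructed placeholder, not a random value
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Yield (type, value) for each attribute, validating every length."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len

def username_control_bytes(packet):
    """Return (offset, byte) for every control byte inside User-Name."""
    found = []
    for attr_type, value in parse_attributes(packet):
        if attr_type == USER_NAME:
            found += [(i, b) for i, b in enumerate(value) if b < 0x20 or b == 0x7F]
    return found

# Constructed samples: 16 zero bytes stand in for the obfuscated User-Password.
HIDDEN_PW = bytes(16)
REAL_LF = build_access_request(122, [(USER_NAME, b"bob\n"), (USER_PASSWORD, HIDDEN_PW)])
ESCAPED = build_access_request(122, [(USER_NAME, b"bob\\n"), (USER_PASSWORD, HIDDEN_PW)])

if __name__ == "__main__":
    for label, pkt in (("real LF", REAL_LF), ("backslash + n", ESCAPED)):
        print(label, "length", len(pkt), "control bytes", username_control_bytes(pkt))
```
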