Config file include order bug?

Sven Hartge sven at svenhartge.de
Wed Jul 15 14:07:32 CEST 2020


On 15.07.20 13:51, Sven Hartge wrote:
> Hello!
> 
> I just noticed something strange with 3.0.21 from buster-backports.
> 
> I have a custom policy in policy.d/thm_rada that uses another policy from 
> policy.d/canonicalization and this works in my test system:
> 
> [...]
> including files in directory /etc/freeradius/3.0/policy.d/
> including configuration file /etc/freeradius/3.0/policy.d/control
> including configuration file /etc/freeradius/3.0/policy.d/rfc7542
> including configuration file /etc/freeradius/3.0/policy.d/canonicalization
> including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
> including configuration file /etc/freeradius/3.0/policy.d/dhcp
> including configuration file /etc/freeradius/3.0/policy.d/thm_rada
> including configuration file /etc/freeradius/3.0/policy.d/debug
> including configuration file /etc/freeradius/3.0/policy.d/accounting
> including configuration file /etc/freeradius/3.0/policy.d/eap
> including configuration file /etc/freeradius/3.0/policy.d/cui
> including configuration file /etc/freeradius/3.0/policy.d/filter
> including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids
> including configuration file /etc/freeradius/3.0/policy.d/operator-name
> including files in directory /etc/freeradius/3.0/sites-enabled/
> including configuration file /etc/freeradius/3.0/sites-enabled/default
> main {
>   security {
>          user = "freerad"
>          group = "freerad"
> [...]
> 
> Now I tar'ed and copied the whole /etc/freeradius/ structure to my new 
> to-be-production system and this happens:
> 
> [...]
> including files in directory /etc/freeradius/3.0/policy.d/
> including configuration file /etc/freeradius/3.0/policy.d/eap
> including configuration file /etc/freeradius/3.0/policy.d/control
> including configuration file /etc/freeradius/3.0/policy.d/operator-name
> including configuration file /etc/freeradius/3.0/policy.d/debug
> including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
> including configuration file /etc/freeradius/3.0/policy.d/thm_rada
> /etc/freeradius/3.0/policy.d/thm_rada[6]: Reference "${policy.mac-addr-regexp}" not found
> /etc/freeradius/3.0/policy.d/thm_rada[6]: Parse error expanding ${...} in condition
> Errors reading or parsing /etc/freeradius/3.0/radiusd.conf
> [...]
> 
> Notice how the load-order is different? It seems freeradius does not 
> load the files in alphanumeric order but in the order the filesystem 
> presents them, breaking the parsing of policy.d/thm_rada in this case 
> because policy.d/canonicalization hasn't been parsed yet.

Adding to that:

On the working system the output of "ls -fl" shows the file/directory 
order as follows:

-rw-r----- 1 freerad freerad  581 Jan 29 08:43 control
-rw-r----- 1 freerad freerad 1610 Jan 29 08:43 rfc7542
-rw-r----- 1 freerad freerad 2704 Jan 29 09:29 canonicalization
-rw-r----- 1 freerad freerad 2787 Jan 29 08:43 abfab-tr
-rw-r----- 1 freerad freerad  644 Jan 29 08:43 dhcp
-rw-r--r-- 1 freerad freerad  564 Jan 29 09:30 thm_rada
-rw-r----- 1 freerad freerad 1010 Jan 29 08:43 debug
-rw-r----- 1 freerad freerad 4202 Jan 29 08:43 accounting
-rw-r----- 1 freerad freerad 1320 Jan 29 08:43 eap
drwxr-xr-x 9 freerad freerad 4096 Apr 23 10:58 ..
-rw-r----- 1 freerad freerad 3847 Jan 29 08:43 cui
-rw-r----- 1 freerad freerad 4746 Jan 29 08:43 filter
drwxr-xr-x 2 freerad freerad 4096 Apr 23 10:58 .
-rw-r----- 1 freerad freerad 8201 Jan 29 08:43 moonshot-targeted-ids
-rw-r----- 1 freerad freerad 1323 Jan 29 08:43 operator-name

And this matches the load order in freeradius.

And on the non-working system it is:

-rw-r----- 1 freerad freerad 1320 Jul 15 14:03 eap
-rw-r----- 1 freerad freerad  581 Jul 15 14:03 control
-rw-r----- 1 freerad freerad 1323 Jul 15 14:03 operator-name
-rw-r----- 1 freerad freerad 1010 Jul 15 14:03 debug
drwxr-xr-x 2 freerad freerad 4096 Jul 15 14:03 .
-rw-r----- 1 freerad freerad 2787 Jul 15 14:03 abfab-tr
-rw-r--r-- 1 freerad freerad  564 Jul 15 14:03 thm_rada
-rw-r----- 1 freerad freerad 3847 Jul 15 14:03 cui
-rw-r----- 1 freerad freerad 4746 Jul 15 14:03 filter
-rw-r----- 1 freerad freerad 4202 Jul 15 14:03 accounting
drwxr-xr-x 9 freerad freerad 4096 Jul 15 13:53 ..
-rw-r----- 1 freerad freerad 8201 Jul 15 14:03 moonshot-targeted-ids
-rw-r----- 1 freerad freerad 2704 Jul 15 14:03 canonicalization
-rw-r----- 1 freerad freerad 1610 Jul 15 14:03 rfc7542
-rw-r----- 1 freerad freerad  644 Jul 15 14:03 dhcp

Also interesting: If I copy the files away and then copy them back, the 
same order persists, so there is at least some stability here.

It just doesn't change the fact that this breaks freeradius for me, 
unless I manually finagle the file order in the directory every time I 
make a change.

Grüße,
Sven.
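
An added example, not part of the original post and not FreeRADIUS code: a small checker that reports every `${policy.NAME}` reference that is used before the file defining NAME has been loaded, for a given load order. The two load orders are copied from the "ls -fl" listings above; the file bodies in `SAMPLE` are constructed, and the parser is a simplification that assumes shared values are defined as top-level `name = value` lines.

```python
import os
import re

REF = re.compile(r"\$\{policy\.([A-Za-z0-9_-]+)\}")
ASSIGN = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*=")

def directory_order(path):
    """File names as the filesystem returns them (unsorted, like 'ls -f')."""
    return [e.name for e in os.scandir(path) if e.is_file()]

def top_level_names(text):
    """Names assigned at brace depth 0 of one file (simplified parser)."""
    names, depth = set(), 0
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = ASSIGN.match(line)
        if depth == 0 and m:
            names.add(m.group(1))
        depth += line.count("{") - line.count("}")
    return names

def forward_references(order, contents):
    """(file, name, defining file) for each ${policy.name} used before it is loaded."""
    defined_in = {}
    for fname in order:
        for name in top_level_names(contents.get(fname, "")):
            defined_in.setdefault(name, fname)
    seen, problems = set(), []
    for fname in order:
        text = contents.get(fname, "")
        seen |= top_level_names(text)         # a file may use its own definitions
        for name in REF.findall(text):
            if name not in seen:
                problems.append((fname, name, defined_in.get(name)))
    return problems

# Constructed file bodies; only the file and variable names come from the post.
SAMPLE = {
    "canonicalization": "mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})'\n",
    "thm_rada": "thm_rada {\n\tif (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i) {\n\t\tok\n\t}\n}\n",
}
# Load orders copied from the two "ls -fl" listings in the post.
WORKING = ["control", "rfc7542", "canonicalization", "abfab-tr", "dhcp", "thm_rada", "debug",
           "accounting", "eap", "cui", "filter", "moonshot-targeted-ids", "operator-name"]
BROKEN = ["eap", "control", "operator-name", "debug", "abfab-tr", "thm_rada", "cui", "filter",
          "accounting", "moonshot-targeted-ids", "canonicalization", "rfc7542", "dhcp"]

if __name__ == "__main__":
    for label, order in (("working", WORKING), ("broken", BROKEN), ("sorted", sorted(BROKEN))):
        print(label, forward_references(order, SAMPLE))
```

On a real system, `directory_order("/etc/freeradius/3.0/policy.d")` supplies the order to check, with the file contents read from disk.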