master branch radius_xlat() expected behavior?
I have the following code in the accounting function of my rlm_couchbase module: radius_xlat(key, sizeof(key), request, inst->key, NULL, NULL) inst->key is set in the config to the following: key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" I have the acct_unique policy loaded in the preacct section of the config but it isn't finding it in that expansion. This is what I see in radiusd -X (8) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/ena (8) group preacct { (8) - entering group preacct {...} (8) [preprocess] = ok (8) policy acct_unique { (8) - entering policy acct_unique {...} (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) (8) expand: "%{string:Class}" -> 'I\314\005\263\000\000\0017\000\001\002\000\254\033\002\003\000\000\000\000\000\000\000\000\000\000\000\000\001\316t\0250\303G\204\000\000\000\000\000\001\237\365' (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (8) else else { (8) - entering else else {...} (8) update request { (8) expand: "%{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" -> '1ed32dfe64d37d100c15550f2e7c55c7' (8) Acct-Unique-Session-Id := "1ed32dfe64d37d100c15550f2e7c55c7" (8) } # update request = ok (8) - else else returns ok (8) - policy acct_unique returns ok (8) [couchbase] = ok (8) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/ena (8) group accounting { (8) - entering group accounting {...} rlm_couchbase (couchbase): Reserved connection (4) (8) couchbase : expand: "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" -> 'radacct_51D241BE-00000565' Is this the expected behavior? If so, what am I doing wrong? Thank You, Aaron
On 12 Jul 2013, at 23:34, Aaron Hurt <ahurt@ena.com> wrote:
I have the following code in the accounting function of my rlm_couchbase module:
radius_xlat(key, sizeof(key), request, inst->key, NULL, NULL)
inst->key is set in the config to the following:
key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}"
I have the acct_unique policy loaded in the preacct section of the config but it isn't finding it in that expansion. This is what I see in radiusd -X
(8) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/ena (8) group preacct { (8) - entering group preacct {...} (8) [preprocess] = ok (8) policy acct_unique { (8) - entering policy acct_unique {...} (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) (8) expand: "%{string:Class}" -> 'I\314\005\263\000\000\0017\000\001\002\000\254\033\002\003\000\000\000\000\000\000\000\000\000\000\000\000\001\316t\0250\303G\204\000\000\000\000\000\001\237\365' (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (8) else else { (8) - entering else else {...} (8) update request { (8) expand: "%{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" -> '1ed32dfe64d37d100c15550f2e7c55c7' (8) Acct-Unique-Session-Id := "1ed32dfe64d37d100c15550f2e7c55c7" (8) } # update request = ok (8) - else else returns ok (8) - policy acct_unique returns ok (8) [couchbase] = ok (8) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/ena (8) group accounting { (8) - entering group accounting {...} rlm_couchbase (couchbase): Reserved connection (4) (8) couchbase : expand: "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" -> 'radacct_51D241BE-00000565'
No the behaviour isn't correct. It was broken by 4b9be42a2f1b45e97ee12de0d412a4f65c750074. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
On Jul 12, 2013, at 6:16 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 12 Jul 2013, at 23:34, Aaron Hurt <ahurt@ena.com> wrote:
I have the following code in the accounting function of my rlm_couchbase module:
radius_xlat(key, sizeof(key), request, inst->key, NULL, NULL)
inst->key is set in the config to the following:
key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}"
I have the acct_unique policy loaded in the preacct section of the config but it isn't finding it in that expansion. This is what I see in radiusd -X
(8) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/ena (8) group preacct { (8) - entering group preacct {...} (8) [preprocess] = ok (8) policy acct_unique { (8) - entering policy acct_unique {...} (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) (8) expand: "%{string:Class}" -> 'I\314\005\263\000\000\0017\000\001\002\000\254\033\002\003\000\000\000\000\000\000\000\000\000\000\000\000\001\316t\0250\303G\204\000\000\000\000\000\001\237\365' (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (8) else else { (8) - entering else else {...} (8) update request { (8) expand: "%{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" -> '1ed32dfe64d37d100c15550f2e7c55c7' (8) Acct-Unique-Session-Id := "1ed32dfe64d37d100c15550f2e7c55c7" (8) } # update request = ok (8) - else else returns ok (8) - policy acct_unique returns ok (8) [couchbase] = ok (8) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/ena (8) group accounting { (8) - entering group accounting {...} rlm_couchbase (couchbase): Reserved connection (4) (8) couchbase : expand: "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" -> 'radacct_51D241BE-00000565'
No the behaviour isn't correct. It was broken by 4b9be42a2f1b45e97ee12de0d412a4f65c750074.
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Okay, Thank you. -- Aaron
Arran Cudbard-Bell wrote:
No the behaviour isn't correct. It was broken by 4b9be42a2f1b45e97ee12de0d412a4f65c750074.
Which was in turn caused by the Attribute[n] code being deleted... I've pushed a fix. As another note, the "users" file entries no longer work: bob Cleartext-Password := "bob" Filter-Id := "Hello %{User-Name}" The Filter-Id attribute never gets expanded, and is always empty. But this works: bob Cleartext-Password := "bob" Filter-Id := "Hello" Just WTF is going on with the code? It's as if the handling of strings in the server has been destroyed. Alan DeKok.
On 13 Jul 2013, at 08:14, Alan DeKok <aland@deployingradius.com> wrote:
Arran Cudbard-Bell wrote:
No the behaviour isn't correct. It was broken by 4b9be42a2f1b45e97ee12de0d412a4f65c750074.
Which was in turn caused by the Attribute[n] code being deleted...
Sorry about that.
I've pushed a fix.
As another note, the "users" file entries no longer work:
bob Cleartext-Password := "bob" Filter-Id := "Hello %{User-Name}"
The Filter-Id attribute never gets expanded, and is always empty. But this works:
bob Cleartext-Password := "bob" Filter-Id := "Hello"
Just WTF is going on with the code? It's as if the handling of strings in the server has been destroyed.
No, not really. This was a specific case for users file parsing. Part of the problem is because we don't use asserts in the library files, a lot of functions just return NULL on error. In this case pairmark_xlat was refusing to mark a pair for expansion, because it already had a value and it shouldn't of. In the server library this would of been an assert, and the issue would of been very obvious. Maybe we could add support in in src/lib to write out errors using a logging function, and pass something in when the server starts up. Then if people want to use it as a library and don't want a bunch of crap being written to stderr/ stdout, they just don't set the logging function. This is the same approach used by libtalloc. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
Just rebuilt with the latest master and it seems as though the default acct_unique policy is now causing a failed assert. The output from radiusd -X is below: rad_recv: Accounting-Request packet from host 172.27.3.154 port 40299, id=243, length=277 Acct-Session-Id = '51D2429B-000005CC' Acct-Status-Type = Interim-Update Acct-Authentic = RADIUS User-Name = 'ENA\\hrconf' NAS-IP-Address = 172.27.3.154 NAS-Identifier = 'air1.corp.ena.net' NAS-Port = 0 Called-Station-Id = '08-EA-44-3D-AF-D4:ENA-WIFI' Attr-26 = 0x00006930010600000001 Attr-26 = 0x00006930060600000000 Framed-IP-Address = 172.27.3.150 Calling-Station-Id = '00-26-C7-1E-1C-74' NAS-Port-Type = Wireless-802.11 Connect-Info = '11ng' Class = 0x490004e50000013700010200ac1b020300000000000000000000000001ce741530c34784000000000001a125 Acct-Session-Time = 113452 Acct-Input-Packets = 37254 Acct-Input-Octets = 5687404 Acct-Input-Gigawords = 0 Acct-Output-Octets = 3073018 Acct-Output-Gigawords = 0 Acct-Output-Packets = 9641 Event-Timestamp = 'Jul 13 2013 15:52:16 CDT' (0) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/ena (0) group preacct { (0) - entering group preacct {...} (0) [preprocess] = ok (0) policy acct_unique { (0) - entering policy acct_unique {...} (0) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) LITERAL: %{string:Class} LITERAL: %{string:Class} --> %{string:Class} EXPANSION: %{string:Class} MOD: string --> LITERAL: Class} xlat aprint 2 xlat_aprint MODULE xlat aprint 0 xlat_aprint LITERAL expand mod string --> 'Class' (0) expand: "%{string:Class}" -> 'I\000\004\345\000\000\0017\000\001\002\000\254\033\002\003\000\000\000\000\000\000\000\000\000\000\000\000\001\316t\0250\303G\204\000\000\000\000\000\001\241%' (0) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (0) else else { (0) - entering else else {...} (0) update request { LITERAL: %{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} LITERAL: %{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} --> %{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} EXPANSION: %{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} MOD: md5 --> LITERAL: %{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} LITERAL: %{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} --> %{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} EXPANSION: %{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} Looking for attribute name in User-Name LITERAL: ,%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} LITERAL: ,%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} --> %{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} EXPANSION: %{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} Looking for attribute name in Acct-Session-ID LITERAL: ,%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} LITERAL: ,%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} --> %{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} EXPANSION: %{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} Looking for attribute name in NAS-IP-Address LITERAL: ,%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} LITERAL: ,%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} --> %{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} EXPANSION: %{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} Looking for attribute name in NAS-Identifier LITERAL: ,%{NAS-Port-ID},%{NAS-Port}} LITERAL: ,%{NAS-Port-ID},%{NAS-Port}} --> %{NAS-Port-ID},%{NAS-Port}} EXPANSION: %{NAS-Port-ID},%{NAS-Port}} Looking for attribute name in NAS-Port-ID LITERAL: ,%{NAS-Port}} LITERAL: ,%{NAS-Port}} --> %{NAS-Port}} EXPANSION: %{NAS-Port}} Looking for attribute name in NAS-Port LITERAL: } xlat aprint 2 xlat_aprint MODULE xlat aprint 4 xlat_aprint ATTRIBUTE expand attr User-Name --> 'ENA\hrconf' xlat aprint 0 xlat_aprint LITERAL xlat aprint 4 xlat_aprint ATTRIBUTE expand attr Acct-Session-Id --> '51D2429B-000005CC' xlat aprint 0 xlat_aprint LITERAL xlat aprint 4 xlat_aprint ATTRIBUTE expand attr NAS-IP-Address --> '172.27.3.154' xlat aprint 0 xlat_aprint LITERAL xlat aprint 4 xlat_aprint ATTRIBUTE expand attr NAS-Identifier --> 'air1.corp.ena.net' xlat aprint 0 xlat_aprint LITERAL xlat aprint 4 xlat_aprint ATTRIBUTE ASSERT FAILED src/main/xlat.c[1815]: str != NULL Aborted Hope this helps. -- Aaron On Jul 13, 2013, at 2:14 AM, Alan DeKok <aland@deployingradius.com> wrote:
Arran Cudbard-Bell wrote:
No the behaviour isn't correct. It was broken by 4b9be42a2f1b45e97ee12de0d412a4f65c750074.
Which was in turn caused by the Attribute[n] code being deleted...
I've pushed a fix.
As another note, the "users" file entries no longer work:
bob Cleartext-Password := "bob" Filter-Id := "Hello %{User-Name}"
The Filter-Id attribute never gets expanded, and is always empty. But this works:
bob Cleartext-Password := "bob" Filter-Id := "Hello"
Just WTF is going on with the code? It's as if the handling of strings in the server has been destroyed.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
On Jul 14, 2013, at 2:33 AM, Alan DeKok <aland@deployingradius.com> wrote:
Aaron Hurt wrote:
Just rebuilt with the latest master and it seems as though the default acct_unique policy is now causing a failed assert. The output from radiusd -X is below:
I pushed a fix. Nothing is wrong other than the assert.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Thank you, everything seems to be working as expected. -- Aaron
participants (3)
-
Aaron Hurt -
Alan DeKok -
Arran Cudbard-Bell