On 7 Jan 2014, at 11:16, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 7 Jan 2014, at 07:51, Stefan Winter <stefan.winter@restena.lu> wrote:
Hi,
And the log files do contain the User-Password attribute.
That shouldn't happen
Fixed.
Umm. In a way, yes. With current SVN (v3.0.x from a few minutes ago), the logs don't contain the User-Password.
Unfortunately, shortly after detail is done (it logs the packet, omits the User-Password), the server crashes with a SEGV.
Here's the -X log of the moment:
(0) auth_log_silent : /var/log/radius/radacct/%Y%m%d/%{RESTENA-Service-Type}-service/auth-detail expands to /var/log/radius/radacct/20140107/Staff-IMAP-service/auth-detail (0) auth_log_silent : expand: "%t" -> 'Tue Jan 7 08:43:27 2014' (0) [auth_log_silent] = ok (0) ? if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) (0) expand: "Staff-IMAP" -> 'Staff-IMAP' (0) expand: "%{RESTENA-Service-Type}" -> 'Staff-IMAP' (0) expand: "96" -> '96' (0) expand: "%{strlen:%{User-Password}}" -> '96' (0) ? if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) -> TRUE (0) if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) { Segmentation fault
My config for this states:
auth_log_silent if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) { sql-webmailsso }
So it crashed before invoking an sql instance? The same worked on 3.0.0.
Yes that doesn't exactly mean much it being C.
I can't reproduce it by calling strlen, could you maybe provide a backtrace?
(1) # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default (1) authorize { (1) detail : expand: "/usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" -> '/usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107' (1) detail : /usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107 (1) detail : expand: "%t" -> 'Tue Jan 7 11:14:32 2014' (1) [detail] = ok (1) update control { (1) expand: "%{strlen:%{User-Password}}" -> '3' (1) Tmp-Integer-0 := 3 (1) } # update control = noop (1) ? if ("%{strlen:%{User-Password}}" == "3") (1) expand: "3" -> '3' (1) expand: "%{strlen:%{User-Password}}" -> '3' (1) ? if ("%{strlen:%{User-Password}}" == "3") -> TRUE (1) if ("%{strlen:%{User-Password}}" == "3") { (1) [reject] = reject (1) } # if ("%{strlen:%{User-Password}}" == "3") = reject (1) } # authorize = reject (1) Using Post-Auth-Type Reject
(1) # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default (1) authorize { (1) detail : expand: "/usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" -> '/usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107' (1) detail : /usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107 (1) detail : expand: "%t" -> 'Tue Jan 7 11:51:32 2014' (1) [detail] = ok (1) update control { (1) expand: "%{strlen:%{User-Password}}" -> '3' (1) Tmp-Integer-0 := 3 (1) } # update control = noop (1) ? if ("%{strlen:%{User-Password}}" == "3") (1) expand: "3" -> '3' (1) expand: "%{strlen:%{User-Password}}" -> '3' (1) ? if ("%{strlen:%{User-Password}}" == "3") -> TRUE (1) if ("%{strlen:%{User-Password}}" == "3") { (1) sql : expand: "%{User-Name}" -> 'foo' (1) sql : SQL-User-Name set to 'foo' rlm_sql (sql): Reserved connection (4) (1) sql : expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'foo' ORDER BY id' rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'foo' ORDER BY id' (1) sql : expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = 'foo' ORDER BY priority' rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'foo' ORDER BY priority' rlm_sql (sql): Released connection (4) rlm_sql (sql): Closing connection (1): Too many free connections (4 > 3) rlm_sql_sqlite: Socket destructor called, closing socket (1) [sql] = notfound Still can't reproduce it... Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2