Am 2015-10-12 16:57, schrieb Herwin Weststrate:
On 12-10-15 16:43, Bernd wrote:
Am 2015-10-12 16:23, schrieb Alan DeKok:
On Oct 12, 2015, at 10:08 AM, Bernd <bernd@kroenchenstadt.de> wrote:
Thanks a lot for your reply, Alan. I deleted it from hints and put your snippet into the config, however I still get that error:
Escape the % with a backslash.
Escaped all %'s with a backslash, same problem.
Actually, the % should not be escaped with a slash, but with another %. The problem here isn't regex escaping, but xlat that tries to expand the % variable.
The following piece of code should work:
if (User-Name =~ /bla-bla\/([^%%]+)%%kroenchenstadt.de/) { update control { User-Name := "%{1}@kroenchenstadt.de" } }
The code itself seems to work, thanks a lot! However, it still sends a "=25" (which originates from the forbidden character "%" regarding its use within a MySQL setup) to the MySQL: (20) if (&User-Name =~ /@\\./) (20) if (&User-Name =~ /@\\./) -> FALSE (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) (20) EXPAND bla-bla/([^%%]+)%%kroenchenstadt.de (20) --> bla-bla/([^%]+)%kroenchenstadt.de (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) -> TRUE (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) { (20) update control { (20) EXPAND %{1}@kroenchenstadt.de (20) --> 20082105@kroenchenstadt.de (20) User-Name := "20082105@kroenchenstadt.de" (20) } # update control = noop (20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) = noop (20) } # filter_username filter_username = noop (20) [preprocess] = ok (20) [chap] = noop (20) [mschap] = noop (20) [digest] = noop (20) suffix : Checking for suffix after "@" (20) suffix : No '@' in User-Name = "bla-bla/20082105%kroenchenstadt.de", looking up realm NULL (20) suffix : No such realm "NULL" (20) [suffix] = noop (20) eap : No EAP-Message, not doing EAP (20) [eap] = noop (20) sql : EXPAND %{User-Name} (20) sql : --> bla-bla/20082105%kroenchenstadt.de (20) sql : SQL-User-Name set to 'bla-bla/20082105%kroenchenstadt.de' rlm_sql (sql): Reserved connection (4) ***** (20) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (20) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bla-bla/20082105=25kroenchenstadt.de' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bla-bla/20082105=25kroenchenstadt.de' ORDER BY id' rlm_sql (sql): Released connection (4) ***** (20) [sql] = notfound (20) [expiration] = noop So, filter in policy.d doesn't really *apply* it as I get from (20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) = noop (20) } # filter_username filter_username = noop That makes no sense to me because I didn't tell it to noop. Bernd
There is no need to escape the hyphen in regex either, so I've removed that escape too. I've tested it with 3.0.10.