On 7 Jan 2014, at 07:51, Stefan Winter <stefan.winter@restena.lu> wrote:
Hi,
And the log files do contain the User-Password attribute.
That shouldn't happen
Fixed.
Umm. In a way, yes. With current SVN (v3.0.x from a few minutes ago), the logs don't contain the User-Password.
Unfortunately, shortly after detail is done (it logs the packet, omits the User-Password), the server crashes with a SEGV.
Here's the -X log of the moment:
(0) auth_log_silent : /var/log/radius/radacct/%Y%m%d/%{RESTENA-Service-Type}-service/auth-detail expands to /var/log/radius/radacct/20140107/Staff-IMAP-service/auth-detail (0) auth_log_silent : expand: "%t" -> 'Tue Jan 7 08:43:27 2014' (0) [auth_log_silent] = ok (0) ? if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) (0) expand: "Staff-IMAP" -> 'Staff-IMAP' (0) expand: "%{RESTENA-Service-Type}" -> 'Staff-IMAP' (0) expand: "96" -> '96' (0) expand: "%{strlen:%{User-Password}}" -> '96' (0) ? if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) -> TRUE (0) if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) { Segmentation fault
My config for this states:
auth_log_silent if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) { sql-webmailsso }
So it crashed before invoking an sql instance? The same worked on 3.0.0.
Yes that doesn't exactly mean much it being C. I can't reproduce it by calling strlen, could you maybe provide a backtrace? (1) # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default (1) authorize { (1) detail : expand: "/usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" -> '/usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107' (1) detail : /usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107 (1) detail : expand: "%t" -> 'Tue Jan 7 11:14:32 2014' (1) [detail] = ok (1) update control { (1) expand: "%{strlen:%{User-Password}}" -> '3' (1) Tmp-Integer-0 := 3 (1) } # update control = noop (1) ? if ("%{strlen:%{User-Password}}" == "3") (1) expand: "3" -> '3' (1) expand: "%{strlen:%{User-Password}}" -> '3' (1) ? if ("%{strlen:%{User-Password}}" == "3") -> TRUE (1) if ("%{strlen:%{User-Password}}" == "3") { (1) [reject] = reject (1) } # if ("%{strlen:%{User-Password}}" == "3") = reject (1) } # authorize = reject (1) Using Post-Auth-Type Reject Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2