Stefan Puch wrote:
@Arran Cudbard-Bell
Write a regular expression to strip off the proceeding \
Heres one I did earlier.... If I remember correctly it's \\\\ to escape to one \ in the username ... \\ To escape it in the RegExp string, \\ to make \ literal in the regular expression...
I'm not so familiar with regular expressions, but your example works" Thank you very much! :-)
To make the test certificate being accepted I only hat to remove the leading "@", beacuse the username in there is "user@example.com" and if stripped to only "user" not accepted by the radius server.
http://www.regular-expressions.info/ This is the best reference for regular expressions, depending on the libraries the servers are built against, the RegExp flavour is usually PCRE (Perl Compatible Regular Expressions).
# This one work with the test certificate, too if("%{User-Name}" =~ /\\\\?([^\\\\]+)@?([-[:alnum:]._]*)?$/) { update request { Stripped-User-Name = "%{1}" } }
/ Is the prefix and suffix to the regular expression string. Any characters after the / suffix are used as modifiers. FreeRadius only supports the i modifier to make matches case insensitive. \\\\ resolves to a literal back-slash. Regular expressions use the \ char as an escape char so it needs to be escaped with itself. FR also uses \ as an escape char so it has to be escaped with itself too. Hence the \\\\\ -> \\ -> \ This regular expression was written to stop *stupid* *stupid* *stupid* students from breaking authentication by entering something in the domain field. They kept entering sussex.ac.uk and user@sussex.ac.uk in the User Box in the windows supplicant, which resulted in. sussex.ac.uk\user@domain or sussex.ac.uk\user The regexp parses these as : "%{1}" = user "%{2}" = domain or "%{1}" = user "%{2}" =
if("%{User-Name}" =~ /\\\\?([^\\\\]+)$/) { update request { Stripped-User-Name = "%{1}" } }
If you don't need the domain information separately, the above expression might work better for you. The \\\\? will always try to match the first '\' but will actually match the last '\' because of the greedy capture. Then the greedy capture which will capture anything but \ . Should also work for just straight user@domain as the '\' prefix is optional.
We use the domain part of the user identifier for proxying.
Is there anywhere a more detailed HOWTO for understanding this regular expression? I would like to understand "fully" what this example does... Probably I just have to do some "googling"
Now where the test certificates are working (on Win XP AND Windows Mobile) I will have to investigate again in my old certificates, because my one are only working with Windows XP supplicant and wpa_supplicant using Linux. The Windows Mobile supplicant cannot use them correctly although the certificates are the same one. Very strange! Finally I can start writing the HOWTO for Windows Mobile devices ;-)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900