On 11/30/2015 05:34 PM, Alan DeKok wrote:
On Nov 30, 2015, at 11:30 AM, Stefano Mason <stefano.mason@eng-mo.it> wrote:
Thanks Alan, but the alternative isn't good in all situation. When I used the previous code the regex fail with all the password that end with zero, like: mikemouse00. No.
The code I posted converts the User-Password to an *octet* string in Tmp-Octets-0. So if the ASCII version ends with "00", the octet string will end with "3030".
Your code in action from Brocade switch (password MATgia00): Mon Nov 30 17:47:37 2015 : Debug: (1) Received Access-Request Id 143 from XXX.XX.XX.X:13894 to XXX.XXX.XX.XX:1812 length 94 Mon Nov 30 17:47:37 2015 : Debug: (1) User-Name = "bob" Mon Nov 30 17:47:37 2015 : Debug: (1) User-Password = "MATgia00\000\000\000\000\000\000\000\031" Mon Nov 30 17:47:37 2015 : Debug: (1) NAS-IP-Address = XXX.XX.XX.X Mon Nov 30 17:47:37 2015 : Debug: (1) NAS-Identifier = "XXXXXXXXXXXXX" Mon Nov 30 17:47:37 2015 : Debug: (1) Calling-Station-Id = "XX.XX.XXX.XX" Mon Nov 30 17:47:37 2015 : Debug: (1) NAS-Port = 12869 Mon Nov 30 17:47:37 2015 : Debug: (1) NAS-Port-Type = Virtual Mon Nov 30 17:47:37 2015 : Debug: (1) session-state: No State attribute Mon Nov 30 17:47:37 2015 : Debug: (1) # Executing section authorize from file /etc/raddb/sites-enabled/default Mon Nov 30 17:47:37 2015 : Debug: (1) authorize { Mon Nov 30 17:47:37 2015 : Debug: (1) update request { Mon Nov 30 17:47:37 2015 : Debug: (1) Tmp-Octets-0 := &User-Password -> 0x4d415467696130300000000000000019 Mon Nov 30 17:47:37 2015 : Debug: (1) } # update request = noop Mon Nov 30 17:47:37 2015 : Debug: (1) if (Tmp-Octets-0 =~ /^0x00/) { Mon Nov 30 17:47:37 2015 : Debug: No matches Mon Nov 30 17:47:37 2015 : Debug: (1) if (Tmp-Octets-0 =~ /^0x00/) -> FALSE Mon Nov 30 17:47:37 2015 : Debug: (1) if (Tmp-Octets-0 =~ /^(0x(..)+)00/) { Mon Nov 30 17:47:37 2015 : Debug: No matches Mon Nov 30 17:47:37 2015 : Debug: Adding 3 matches Mon Nov 30 17:47:37 2015 : Debug: (1) if (Tmp-Octets-0 =~ /^(0x(..)+)00/) -> TRUE Mon Nov 30 17:47:37 2015 : Debug: (1) if (Tmp-Octets-0 =~ /^(0x(..)+)00/) { Mon Nov 30 17:47:37 2015 : Debug: (1) update request { Mon Nov 30 17:47:37 2015 : Debug: (1) 1/3 Found: 0x4d41546769613030000000000000 (31) Mon Nov 30 17:47:37 2015 : Debug: (1) EXPAND %{1} Mon Nov 30 17:47:37 2015 : Debug: (1) --> 0x4d41546769613030000000000000 Mon Nov 30 17:47:37 2015 : Debug: (1) Tmp-Octets-0 := 0x4d41546769613030000000000000 Mon Nov 30 17:47:37 2015 : Debug: (1) Overwriting value "0x4d415467696130300000000000000019" with "0x4d41546769613030000000000000" Mon Nov 30 17:47:37 2015 : Debug: (1) } # update request = noop Mon Nov 30 17:47:37 2015 : Debug: (1) update request { Mon Nov 30 17:47:37 2015 : Debug: (1) EXPAND %{string:Tmp-Octets-0} Mon Nov 30 17:47:37 2015 : Debug: (1) --> MATgia00\000\000\000\000\000 Mon Nov 30 17:47:37 2015 : Debug: (1) User-Password := MATgia00 Mon Nov 30 17:47:37 2015 : Debug: (1) Overwriting value "MATgia00\000\000\000\000\000\000\000\031" with "MATgia00\000\000\000\000" Mon Nov 30 17:47:37 2015 : Debug: (1) } # update request = noop Mon Nov 30 17:47:37 2015 : Debug: (1) } # if (Tmp-Octets-0 =~ /^(0x(..)+)00/) = noop Cheers. Stefano