Unprintable Characters
We have a set of NAS's that are at the end of an unreliable (GSM) connection managed by a third party. Sometimes the AuthN requests are sent to us malformed - like you'd see if the shared secret is correct, except it can't be because well formed requests are interspersed with malformed ones, seconds apart with the same source and destination servers. Unfortunately the user name is almost always intact, so the request is valid enough to be processed and, eventually lockout the afflicted user's account. While the vendor tries to fix their problem so this doesn't happen, I need to filter out the malformed requests. I can do this by writing a regex to bin any requests that contain any unprintable characters (as FreeRADIUS does using fr_utf8_char()), but before I sit down and try and figure that out is there a better way to do this? Is the check done by FreeRADIUS for unprintable characters available to unlang (or if not, would this be easy to expose)? Regards, Adam Bishop gpg: 0x6609D460 jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.
On 3 Mar 2015, at 19:02, Adam Bishop <Adam.Bishop@jisc.ac.uk> wrote:
We have a set of NAS's that are at the end of an unreliable (GSM) connection managed by a third party. Sometimes the AuthN requests are sent to us malformed - like you'd see if the shared secret is correct, except it can't be because well formed requests are interspersed with malformed ones, seconds apart with the same source and destination servers.
Unfortunately the user name is almost always intact, so the request is valid enough to be processed and, eventually lockout the afflicted user's account.
While the vendor tries to fix their problem so this doesn't happen, I need to filter out the malformed requests.
I can do this by writing a regex to bin any requests that contain any unprintable characters (as FreeRADIUS does using fr_utf8_char()), but before I sit down and try and figure that out is there a better way to do this?
Is the check done by FreeRADIUS for unprintable characters available to unlang (or if not, would this be easy to expose)?
Use rlm_utf8. It will check all the string attributes in the request to make sure they only contain valid UTF8 chars. If you want to only allow ranges of chars, you'll need a regex. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
participants (2)
-
Adam Bishop -
Arran Cudbard-Bell