bug in token.c ?

Alan DeKok aland at deployingradius.com
Tue Jul 26 11:06:29 CEST 2011


Oliver Schröder wrote:
> I'm currently evaluating if we are able to replace our comercial radius
> with freeradius.

  The answer is, of course, "yes".  FreeRADIUS does more than any of the
commecial servers, and is easier to use.

> My current approach is to make heavy use of the "hints" file, in which I
> attach different attributes to the requests, which in turn get evaluated
> via unlang. In most cases the distinction of the different cases is
> based on a username/nas combination and to correctly handle the
> different usernames I use regexps in the hints file. One simple example
> is this:
> 
> DEFAULT User-Name =~ "(.*\.de\.de$)"
>         Hint := "Blacklist"
> 
> It is aimed to match User-Names like "x at whatever.de.de". In this case
> the quoted string should not be interpreted but given to regcomp as it is.

  Well, no.  Look at what you've typed: It's a double-quoted string, not
a regex.  The parser reads the double-quoted string, removes the
backslashes to get what you want (including \"), and then passes the
rest to the regex engine.

  So you need two backslashes.  Your patch to token.c would break *all*
interpretation of double-quoted strings.

  The explanation is clear, even if the resulting string looks weird.

  Alan DeKok.



More information about the Freeradius-Devel mailing list