Regexp match wrongly copied to control list
mcn4 at leicester.ac.uk
Sat Jun 16 01:56:54 CEST 2012
On Fri, Jun 15, 2012 at 06:45:26PM +0100, Brian Candler wrote:
> I have an issue with FreeRadius 2.1.12.
> If I make use of a check/control regexp match in either rlm_sql or
> rlm_files, and the match succeeds, then a spurious attribute is added onto
> the control list containing the regexp which was matched.
Starts at src/modules/rlm_files/rlm_files.c:473, unchanged since
if the pairs to match are found in the incoming request
add the reply pairs from the users file to the reply list
add the matched non-comparison check items to the control list
> It only seems to be a side-effect of the regexp match. If instead I use:
> DEFAULT User-Name == "test at example.com"
> Reply-Message += "Matched"
> then the control:User-Name is not updated.
That comes from src/lib/valuepair.c:435 ish, in pairmove(). It
doesn't copy comparison operators.
Given valuepair.c:495 ("Very bad code. Barely working, if at
all.") and the case T_OP_REG_EQ section that is ifdef'd out, I'd
suggest the following patch might be sensible.
diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c
index 150c311..98169ab 100644
@@ -443,6 +443,8 @@ void pairmove(VALUE_PAIR **to, VALUE_PAIR **from)
+ case T_OP_REG_EQ:
+ case T_OP_REG_NE:
tailfrom = i;
Totally untested of course :). The 'case T_OP_REG_EQ' has been
removed in the master branch. There may be other cases where it's
assumed =~ is more like := than ==. If so, the documentation at
http://wiki.freeradius.org/Operators needs fixing instead.
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Devel