radius_compare_vps & regexps w/ multiple match
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 3 18:01:51 CEST 2012
All,
This appears to be unintentional, but you can't do this - with a packet:
User-Name = foo
Attrib = val1=x
Attrib = val2=y
...and a "users" file entry of:
DEFAULT Attrib =~ "^val1=(.+)"
# do something
DEFAULT Attrib =~ "^val2=(.+)"
# do something else
The reason seems to be that valuepair.c:radius_compare_vps doesn't use
the passed-in value of "vp" if you're doing a regexp check. Instead, it
calls:
sprintf(buf, "%%{%s}", check->name)
radius_xlat(value, REQUEST, buf, ...)
regexec(..., value)
i.e. it "xlat"s "%{checkname}" then performs the regexp against that.
This is wrong AFAICT - by using "xlat", it throws away "vp" completely,
which breaks the cases where you have >1 value of the same name in the
packet.
However: is this intentional? Does it do something I'm missing?
I think maybe replacing that "radius_xlat" call with a "vp_prints_value"
call on the "vp" argument is the right thing to do?
More information about the Freeradius-Devel
mailing list