Cannot get value of config item with \\
Matej Vadnjal
matej.vadnjal at arnes.si
Mon Feb 2 07:40:40 CET 2009
Hello
I'm having trouble getting the value of auth_pool of a realm. Realms are
defined as regular expressions matched by suffix module against the domain
portion of users username.
The problem is when the realm regex contains \\ (eg: "~^example\\.com$") the
config variable is not found:
++? if ("%{config:realm[%{Realm}].auth_pool}" =~ /%{client-shortname}/i)
expand: realm[%{Realm}].auth_pool -> realm[~^example\\.com$].auth_pool
WARNING: No such configuration item realm[~^example\\.com$].auth_pool
expand: %{config:realm[%{Realm}].auth_pool} ->
expand: %{client-shortname} -> idp
If I change the realm regex so it has no \\ (eg: "~^example.com$") it is found
correctly:
++? if ("%{config:realm[%{Realm}].auth_pool}" =~ /%{client-shortname}/i)
expand: realm[%{Realm}].auth_pool -> realm[~^example.com$].auth_pool
expand: %{config:realm[%{Realm}].auth_pool} -> idp_pool
expand: %{client-shortname} -> idp
My config looks something like this:
sites-enabled/default:
authorize {
preprocess
suffix # Sets Realm variable
files
if ("%{config:realm[%{Realm}].auth_pool}" =~ /%{client-shortname}/i) {
reject
}
}
...
proxy.conf:
home_server idp {
type = auth
ipaddr = 10.0.99.110
port = 1812
secret = secret
response_window = 20
zombie_period = 40
revive_interval = 120
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
}
home_server_pool idp_pool {
type = client-balance
home_server = idp
}
realm "~^example\\.com$" {
nostrip
auth_pool = idp_pool
}
clients.conf:
client 10.0.99.110 {
secret = secret
shortname = idp
nastype = other
}
Is this a bug or a safety feature (preventing some sort of injection attacks)?
I tried all sorts of combination of single quites, double quotes, no quotes,
but to no avail.
Am I missing something obvious? Any ideas would be appreciated.
--
Matej Vadnjal
ANRES
More information about the Freeradius-Users
mailing list