regex 'fun'

Alan DeKok aland at deployingradius.com
Tue Nov 3 14:07:54 CET 2009


Alexander Clouter wrote:
> Okay, maybe my regex is bad...so I tested it:
> ----
> alex at berk:~$ cat moo 
> xwFMNc02QnAbZlQ9wI9tiG at GlobalSignRootCA.test
> xwFMNc02QnAbZlQ9wI9tiG at GlobalSign Root CA
> wobble at example.com
> wibble at example.co.uk
> 
> alex at berk:~$ grep '[[:graph:]]*@\([-[:alnum:]]\+\.\)\+[[:alpha:]]\{2,\}' moo
> xwFMNc02QnAbZlQ9wI9tiG at GlobalSignRootCA.test
> wobble at example.com
> wibble at example.co.uk
> ----
> 
> Any ideas?  Bug?  Feature?

  FreeRADIUS uses the system regex libraries.  grep might be using its
own regex implementation.

  Specifically, I'm not sure [[:alpha:]] and friends are supported by
the system regex library.

  I would suggest writing the rules to sanitize realms in layers:

 - reject requests containing malformed User-Names (spaces, etc.)
 - proxy *known* realms to another virtual server to handle them
 - proxy *other* realms to eduroam.

  Eduroam should really be creating a routing protocol for RADIUS.  I
don't think it would be hard: git + ssh + text files.  See Section 2.7 of:

http://tools.ietf.org/id/draft-dekok-radext-nai-00.txt

  Alan DeKok.



More information about the Freeradius-Users mailing list