Trimming character of variables within configuration files

Alan DeKok aland at deployingradius.com
Wed Apr 17 15:40:37 CEST 2013


P. Manton wrote:
> OK, So I see there is a preprocess module that says you can manipulate
> attributes:
> 
> #  The preprocess module takes care of sanitizing some bizarre
> #  attributes in the request, and turning them into attributes
> #  which are more standard.

  Yes.  Quoting the configuration files here is useful.  It's not like
we've seen them before.

>  so I added the following:
>
>    if (User-Password =~ /^(.+)([0-9]{6})$/) {
>      update request {
>        User-Password = "%{1}"
>        Some-PIN-Attr = "%{2}"
>      }
>    }

  Which has absolutely nothing to do with the preprocess module.  That
is the generic attribute conditions / rewriting, as documented in "man
unlang".

> Although it did not trim the password and returned Access_Reject (I also
> saw from the debug that the 6 digit number had not been trimmed) , so I
> also attempted to add this to the ntlm_auth module with the same result,
> I am really at a loss here..

  You're adding random bits of text to random configuration files.  That
won't work.

  Adding "unlang" if/update sections to module configurtions WILL NOT
WORK.  And if you read "man unlang", it's DOCUMENTED as not working.

  You need to put the if/update sections inside of the
raddb/sites-enabled/ files.  They WILL NOT WORK anywhere else.

  Alan DeKok.


More information about the Freeradius-Users mailing list