Oddity in regex

Stefan Paetow Stefan.Paetow at ja.net
Wed Aug 27 17:49:27 CEST 2014


I have two servers, one here (in my office, with CentOS 6.5) and one at another facility (with RHEL 6.5). Both are running FreeRADIUS 3.0.4 rc 1 from what I can establish.

I have these attributes in my reply:

MS-MPPE-Encryption-Policy = Encryption-Required
MS-MPPE-Encryption-Types = 4
MS-MPPE-Send-Key = 0xf1ad6cfa6e603b2bdb8480bd7ac84239
MS-MPPE-Recv-Key = 0x6cfc74047d13c6efa111a66fd9e360f4
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
SAML-AAA-Assertion = '<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" IssueInstant=\"2014-08-22T13:48:00\" ID=\"e9e79e59-9fb5-4b4e-b8c6-a4ef77559516\" Version=\"2.0\">'
SAML-AAA-Assertion = '<saml:Issuer>urn:mace:ac.uk:diamond.ac.uk</saml:Issuer>'
SAML-AAA-Assertion = '<saml:AttributeStatement><saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"urn:oid:\">'
SAML-AAA-Assertion = '<saml:AttributeValue>sysdev</saml:AttributeValue>'
SAML-AAA-Assertion = '</saml:Attribute></saml:AttributeStatement></saml:Assertion>'

In the server config in my office, I can use the below expression:

if ("%{reply:SAML-AAA-Assertion[*]}" =~ /("urn:oid:1\.3\.6\.1\.4\.1\.5923\.1\.1\.1\.7")((\n|.)*?)(<saml:AttributeValue>)(\n*)(.*?)(\n*)(<\/saml:AttributeValue>)/) {

This happily resolves to TRUE on the local server.  However, on the second server, it resolves to FALSE, and I have to use the below there:

if ("%{reply:SAML-AAA-Assertion[*]}" =~ /(urn\:oid\:1\.3\.6\.1\.4\.1\.5923\.1\.1\.1\.7)((\n|.)*?)(\<saml\:AttributeValue>)(\n*)(.*?)(\n*)(\<\/saml\:AttributeValue>)/) {

The two regular expressions are the same with the following exceptions: all colons are escaped, all greater-than and less-than signs are escaped, and apparently the other server does not like having the quotes in the first regex group, even when escaped, or when using the \Q and \E modifiers before and after.

According to several regex tests, the above should be ok, so... question to you regular expression whizzes and to Arran and Alan is: Why does the former not work on the second server? It seems the un-escaped colons and the quotes trip the regex up even though it should be ok?

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125

Janet, the UK's research and education network.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
