rlm_exec: "multi line" attributes

Alan DeKok aland at deployingradius.com
Thu Jul 3 15:32:43 CEST 2014


Adam Bishop wrote:
> OK, so the incoming response packet looks like this:
> 
> Thread 5 handling request 7, (4 handled so far)
>         MS-MPPE-Recv-Key = 0x7923d83cd3c96715a4bff2fbcd1d034b6e6bb94dab5749353fe4226bed735e30
>         MS-MPPE-Send-Key = 0x84296547b891279eefdbe7aa6ea802ae2c5b2b4d6ac41e3c2557cdc61829992b
>         EAP-Message = 0x03070004
>         Message-Authenticator = 0x967b16a30ccb2b571dcbcbdb6014760e
>         Proxy-State = 0x30
>         SAML-AAA-Assertion = '<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" IssueInstant=\"2011-03-19T08:30:00Z\" ID=\"foo\" Version=\"2.0\">'
>         SAML-AAA-Assertion = '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
>         SAML-AAA-Assertion = '<saml:AttributeStatement>'
>         SAML-AAA-Assertion = '<saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\"><saml:AttributeValue>cantor.2 at osu.edu</saml:AttributeValue></saml:Attribute>'
>         SAML-AAA-Assertion = '<saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.7\"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
>         SAML-AAA-Assertion = '</saml:AttributeStatement>'
>         SAML-AAA-Assertion = '</saml:Assertion>'

  OK... with multiple attributes of the same name.

> The script itself just writes `env` to a text file, which only has the final line stored:

  So you're looking for the request, not the response.

  Putting request attributes into the environment is a bit of a hack.
It only works for one attribute.

  If you need access to multiple attributes, use rlm_perl.

> Interestingly, some double quotes have found their way into the environment variable too.

  That could be fixed, I guess.

  Alan DeKok.
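
The behaviour discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a small Python model of why a child process sees only the last `SAML-AAA-Assertion` value when attributes are exported as environment variables, next to a per-name list that keeps every value. The name mangling in `env_name` and the shortened attribute values are assumptions made for the illustration.

```python
import os
import subprocess
import sys

# Constructed sample: (name, value) pairs in packet order, shortened from the post.
PAIRS = [
    ("EAP-Message", "0x03070004"),
    ("SAML-AAA-Assertion", '<saml:Assertion ID="foo" Version="2.0">'),
    ("SAML-AAA-Assertion", "<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>"),
    ("SAML-AAA-Assertion", "</saml:Assertion>"),
]

def env_name(attr):
    # Assumed mangling for this model: upper-case, '-' becomes '_'.
    return attr.upper().replace("-", "_")

def to_environment(pairs):
    # An environment holds one value per name, so each repeated
    # attribute overwrites the value stored before it.
    env = {}
    for name, value in pairs:
        env[env_name(name)] = value
    return env

def child_sees(pairs, attr):
    """Spawn a child process and return what its environment holds for attr."""
    env = dict(os.environ)
    env.update(to_environment(pairs))
    code = "import os, sys; sys.stdout.write(os.environ.get(sys.argv[1], ''))"
    result = subprocess.run([sys.executable, "-c", code, env_name(attr)],
                            env=env, capture_output=True, text=True, check=True)
    return result.stdout

def group_values(pairs):
    # Keep every value, in packet order, under its attribute name.
    grouped = {}
    for name, value in pairs:
        grouped.setdefault(name, []).append(value)
    return grouped

def reassemble(pairs, attr):
    # Join the fragments of a multi-valued attribute back into one string.
    return "".join(group_values(pairs).get(attr, []))

if __name__ == "__main__":
    print("child environment:", child_sees(PAIRS, "SAML-AAA-Assertion"))
    print("all values joined:", reassemble(PAIRS, "SAML-AAA-Assertion"))
```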

