rlm_files: Collided users not always sorted

Dylan Jones heyjonesey at gmail.com
Mon Jul 13 18:33:32 CEST 2015


I believe I have found a bug in that when I have a lot of users with
similar enough naming that results in hash collisions, the collided users
in the linked list are not always properly sorted.  This results in a noop
from the rlm_files module and authentication failure.  I have tested 2.1.7
and a 3.1 pull from git.

Since I'm unable to paste such a large users file, hopefully this TCL
snippet, which you can redirect to a file, will suffice to generate the
users file.

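#! /usr/bin/env tclsh

# Generate 8 domains (aaaaa8.com .. aaaaa15.com) with 32768 users each,
# all sharing the same cleartext password.
set users [list]
set pw "thisisatest"
for {set i 8} {$i < 16} {incr i} {
  for {set j 0} {$j < 32768} {incr j} {
    lappend users "[format %016d [expr {$j + 1}]]@aaaaa${i}.com\tCleartext-Password := \"$pw\""
  }
}

# Print one users-file entry per line.
puts [join $users "\n"]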

In this file, there will be 6 users that cannot be authenticated and it
always seems to happen in pairs.

Mon Jul 13 12:17:40 2015 : Auth: (0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [0000000000026311@aaaaa10.com/thisisatest] (from client name port 0)
Mon Jul 13 12:17:49 2015 : Auth: (1) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [0000000000026311@aaaaa11.com/thisisatest] (from client name port 0)
Mon Jul 13 12:17:53 2015 : Auth: (2) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [0000000000028649@aaaaa12.com/thisisatest] (from client name port 0)
Mon Jul 13 12:17:57 2015 : Auth: (3) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [0000000000028649@aaaaa13.com/thisisatest] (from client name port 0)
Mon Jul 13 12:18:00 2015 : Auth: (4) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [0000000000028471@aaaaa14.com/thisisatest] (from client name port 0)
Mon Jul 13 12:18:05 2015 : Auth: (5) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [0000000000028471@aaaaa15.com/thisisatest] (from client name port 0)


I have debugged this to the point where if I relax the 'if (cmp > 0)
break;' in list_find to 'if (cmp > 0) continue;', forcing a further walk of
the list, my users will be authenticated.

At this point though, the reverse split-ordered list is a bit beyond me and
I'm looking for some help.  Any ideas?  Is this enough for a defect?

Thanks, Dylan
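
Added example, not part of the original message and not FreeRADIUS code: a simplified model of one collision chain showing why a lookup that stops early on 'cmp > 0' misses an entry once two equal-key entries are stored out of order, next to a full walk and an ordering check. The struct, the function names, the comparison's sign convention and the sample chain are all assumptions made up for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical chain node: sorted by key, ties broken by name (ascending). */
struct node { uint32_t key; const char *name; const struct node *next; };

/* Early-exit lookup: only correct while the chain really is sorted. */
static const struct node *find_early_exit(const struct node *head, uint32_t key, const char *name)
{
    for (const struct node *cur = head; cur; cur = cur->next) {
        if (cur->key > key) break;       /* walked past the key */
        if (cur->key < key) continue;
        int cmp = strcmp(cur->name, name);
        if (cmp > 0) break;              /* walked past the name: assume absent */
        if (cmp == 0) return cur;
    }
    return NULL;
}

/* Relaxed lookup: keeps walking every entry that shares the key. */
static const struct node *find_full_walk(const struct node *head, uint32_t key, const char *name)
{
    for (const struct node *cur = head; cur; cur = cur->next) {
        if (cur->key > key) break;
        if (cur->key == key && strcmp(cur->name, name) == 0) return cur;
    }
    return NULL;
}

/* Ordering check: returns the first node that is out of order, or NULL. */
static const struct node *first_unsorted(const struct node *head)
{
    for (const struct node *cur = head; cur && cur->next; cur = cur->next) {
        const struct node *nx = cur->next;
        if (cur->key > nx->key ||
            (cur->key == nx->key && strcmp(cur->name, nx->name) >= 0))
            return nx;
    }
    return NULL;
}

/* Constructed sample: "bob" and "alice" collide on key 7, stored in the wrong order. */
static const struct node chain[4] = {
    {3, "carol", &chain[1]}, {7, "bob", &chain[2]},
    {7, "alice", &chain[3]}, {9, "zed", NULL},
};

int main(void)
{
    return (!find_early_exit(chain, 7, "alice") && find_full_walk(chain, 7, "alice")
            && first_unsorted(chain) == &chain[2]) ? 0 : 1;
}
```

In this model the full walk finds the entry, but first_unsorted still reports the misplaced node, which marks where the ordering was broken at insert time.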