policy filter_username
Maja Wolniewicz
mgw at umk.pl
Thu Mar 5 14:16:47 CET 2015
Hello,
I have a problem with the filter_username policy in FR 3.0.7
The rules checking double dots and starting / ending dot evaluate to TRUE
for a correct username
(2) User-Name = 'mgw at umk.pl'
(2) NAS-IP-Address =...
...
(2) # Executing section authorize from file
/opt/FR/etc/raddb/sites-enabled/default-umk
(2) authorize {
(2) policy filter_username {
(2) if (!&User-Name) {
(2) if (!&User-Name) -> FALSE
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@.*@/ ) {
(2) if (&User-Name =~ /@.*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> TRUE
(2) if (&User-Name =~ /\.\./ ) {
(2) update reply {
(2) &Reply-Message += 'Rejected: Username contains ..s'
(2) } # update reply = noop
(2) [reject] = reject
(2) } # if (&User-Name =~ /\.\./ ) = reject
(2) } # policy filter_username = reject
..
(2) Invalid user: [mgw at umk.pl] (from client ... )
Maja
--
Maja Gorecka-Wolniewicz mgw at umk.pl
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5278 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150305/dd3e886c/attachment.bin>
More information about the Freeradius-Users
mailing list