Freeradius 3.0.10 sigsegv
Luca Palazzo
luca.palazzo at unict.it
Tue Jan 12 17:29:32 CET 2016
Alan,
I tried a lot of things in these days.
The crash has something to do with the sql-group.
No using it, it does not crash.
It seem to crash when SQL-Group attribute is null, when a user is not
found in usergroup table.
Can you look deeper in it?
BTW: I tried to do the same filter using huntgroup, but I must have
missed something, because it does not work.
My huntgorup is this:
eduroam Called-Station-Id =~ ".*:eduroam$"
eduroam Airespace-Wlan-Id == 3
SQL-Group == wireless
So no other people than those one in wireless group should be able to
use eduroam. But this does not work
Luca
Il 06/01/16 22:53, Alan DeKok ha scritto:
> On Jan 6, 2016, at 4:46 PM, Luca Palazzo <luca.palazzo at unict.it> wrote:
>>
>> I've just commented it but i got same sigsegv:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00007ffff7bc77a0 in paircompare (request=request at entry=0x950d60, req_list=0x951010, check=check at entry=0x952b00, rep_list=rep_list at entry=0x0) at src/main/pair.c:536
>> 536 if ((auth_item->da == from) || (!from)) {
>> (gdb) p from
>> $1 = (const DICT_ATTR *) 0x68ff50
>> (gdb) p auth_item
>> $2 = (VALUE_PAIR *) 0x2e696d696c6f7040
>> (gdb) p auth_item->da
>> Cannot access memory at address 0x2e696d696c6f7040
>
> That's a garbage value. The server is accessing an attribute which was deleted.
>
>> (gdb)
>>
>> Only this part remains:
>>
>> if (EAP-Message) {
>> if ( Called-Station-ID =~ /.*:eduroam$/ )
>>
>> if ( SQL-Group == studente ) {
>> reject
>> update reply {
>> Reply-Message = "Eduroam access for students allowed only if you are outside UniCT campus"
>> }
>
> The "update reply" will never get used. As soon as the server sees the "reject", the packets will be rejected.
>
> So swap the order or "reject" and "update reply". I don't think it will help, though.
>
> Ad what packet makes it SEGV? You have the code checking for multiple things. Does it SEGV for *all* of them? Or just one? If it's just one, can you delete the *other* checks and still have it SEGV?
>
> It would help a LOT to have a simple configuration which I can use here. Right now, your configuration depends on local SQL-Groups, and other things (EAP config, SQL server), which I don't have access to.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list