linelog module crashing freeradius server
Anirudh Malhotra
8zero2ops at gmail.com
Fri Sep 30 06:31:15 CEST 2016
Hi,
I have noticed a strange behaviour, I have line log configured to do
logging at various steps. In one of the steps i print the username in logs.
Now when the username is non english font(any other language viz hindi,
arabic, russian, chinese tested with these) it crashes the freeradius
application.
Debug log is as follows
124456) Received Access-Request Id 164 from 10.198.64.10:54713 to
10.40.125.30:1812 length 319
(124456) User-Name = " रहलहवकह"
(124456) Chargeable-User-Identity = 0x0a
(124456) Location-Capable = Civix-Location
(124456) Calling-Station-Id = "xxxxx"
(124456) Called-Station-Id = "xxxx"
(124456) NAS-Port = 8
(124456) Cisco-AVPair = "audit-session-id=0a40c60a000653d3eee5ec57"
(124456) Acct-Session-Id = "57ece5ee/xxxxx/329431"
(124456) NAS-IP-Address = xxxxx
(124456) NAS-IPv6-Address = 2001::2001
(124456) NAS-Identifier = "xxxxxx"
(124456) Airespace-Wlan-Id = 34
(124456) Service-Type = Framed-User
(124456) Framed-MTU = 1300
(124456) NAS-Port-Type = Wireless-802.11
(124456) Tunnel-Type:0 = VLAN
(124456) Tunnel-Medium-Type:0 = IEEE-802
(124456) Tunnel-Private-Group-Id:0 = "807"
(124456) EAP-Message =
0x0201001b0120e0a4b0e0a4b9e0a4b2e0a4b9e0a4b5e0a495e0a4b9
(124456) Message-Authenticator = 0xf478d56d8c1d498752fbd782302cf884
(124456) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(124456) authorize {
(124456) if (!&session-state:unique-session-id) {
(124456) if (!&session-state:unique-session-id) -> TRUE
(124456) if (!&session-state:unique-session-id) {
(124456) update {
(124456) Executing: /usr/bin/shuf -n 1 -i 0-99999:
(124456) Program returned code (0) and output '42345'
(124456) EXPAND %{exec: /usr/bin/shuf -n 1 -i 0-99999}
(124456) --> 42345
(124456) &session-state:unique-session-id = 42345
(124456) } # update = noop
(124456) } # if (!&session-state:unique-session-id) = noop
(124456) policy filter_username {
(124456) update control {
(124456) linelogvar := "request_attrs"
(124456) } # update control = noop
(124456) linelog: EXPAND messages.%{%{control:linelogvar}:-default}
(124456) linelog: --> messages.request_attrs
linelog module config
reference = "messages.%{%{control:linelogvar}:-default}"
messages {
request_attrs =
"%{User-Name},%{Calling-Station-Id},%{Called-Station-Id},%{NAS-Port},%{Acct-Session-Id},%{NAS-IP-Address},%{NAS-Identifier},%{Airespace-Wlan-Id},%{Service-Type},%{Framed-MTU},%{NAS-Port-Type},%{Tunnel-Type:0},%{Tunnel-Medium-Type:0},%{Tunnel-Private-Group-Id:0},%T,%{md5:%{Acct-Session-Id},%{session-state:unique-session-id}},Request:,%{EAP-Type}"
}
policy filter_username
update control {
linelogvar := "request_attrs"
}
linelog
Although I have made a workaround of rejecting as well as substituting non
english font usernames. This is to make the community aware if it is not
already. Also I dont think some of us would like to reject non english
username do we?
BR,
Anirudh Malhotra
Mail: 8zero2.in at gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in
More information about the Freeradius-Users
mailing list