Unstructured Attr-26 in unlang
Brian Candler
b.candler at pobox.com
Tue Mar 28 16:47:13 CEST 2017
(FreeRADIUS 3.0.13 under CentOS)
I am trying to deal with a broken device (Aten) which requires an
unstructured attribute 26 [^1]. Using the 'files' module this works [^2]:
bob Cleartext-Password := "hello"
# Vendor-Specific = "su/administrator"
Attr-26 = 0x73752f61646d696e6973747261746f72
But in unlang, this is not accepted:
update reply {
# Vendor-Specific = "su/administrator"
&Attr-26 = 0x73752f61646d696e6973747261746f72
}
Tue Mar 28 14:01:27 2017 : Error: /etc/raddb/policy.d/localpolicy[155]:
Invalid vendor name in attribute name "0x73752f61646d696e6973747261746f72"
Here's the only bit of source I can find which generates that error
message:
if (strncasecmp(p, "Attr-", 5) != 0) {
if (strncasecmp(p, "Vendor-", 7) == 0) {
...
/* must be vendor name */
} else {
char buffer[256];
q = strchr(p, '-');
if (!q) {
fr_strerror_printf("Invalid vendor name in attribute name \"%s\"", name);
return -1;
}
I don't understand why it thinks the attribute *name* is "0x73752f61"...
rather than "Attr-26"
And if I try this:
update reply {
&Attr-26 = "su/administrator"
}
Tue Mar 28 14:25:56 2017 : Error: /etc/raddb/policy.d/localpolicy[154]:
Must use 'Attr-26 = ...' instead of 'Vendor-Specific = ...'
That's an even stranger error: I *am* using Attr-26 like it says!!
Any suggestions how I can get this to work, other than switching from
unlang to files module?
Thanks,
Brian.
[^1] It is so broken that it doesn't even use a vendor ID in the first
four bytes. But I am happy to define a fake vendor which has the correct
four bytes. And RFC 2865 *does* permit unstructured data after the 4
bytes of vendor ID.
[^2] tcpdump confirms it's as expected:
0x0050: .... 1a12 7375 2f61 646d 696e 6973 7472 ....su/administr
0x0060: 6174 6f72 ator
More information about the Freeradius-Users
mailing list