User-Name return glitch in FR 3.0.17?

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Mon Apr 23 18:22:19 CEST 2018


Just to add to this:

When I add this block above the 'update { ... }' block in the post-auth section, things work again:

update reply {
    User-Name !* ANY
}

So there's some leakage going on...

> (7) # Executing section post-auth from file /etc/raddb/sites-enabled/abfab-tr-idp
> (7)   post-auth {
> (7)     update {
> (7)       &reply::Moonshot-Host-TargetedId += &session-state:Moonshot-Host-TargetedId[*] -> '33127397-1bb6-5e95-8859-dfe76acfba67 at idp.test.assent'
> (7)       &reply::Moonshot-Realm-TargetedId += &session-state:Moonshot-Realm-TargetedId[*] -> 'abd0d71b-7294-5423-86b1-3fae0bd7b33a at idp.test.assent'
> (7)       &reply::Moonshot-TR-COI-TargetedId += &session-state:Moonshot-TR-COI-TargetedId[*] -> 'b40d0def-5b25-52bd-8d13-e6d22fa24648 at idp.test.assent'
> (7)       &reply::EAP-Channel-Binding-Message += &session-state:EAP-Channel-Binding-Message[*] -> 0x02002a01a40648545450a524736572766963652e6d6f6f6e73686f742d706c617970656e2e74692e6a612e6e6574
> (7)       &reply::Reply-Message += &session-state:Reply-Message[*] -> 'Bob has authenticated'
> (7)       &reply::User-Name += &session-state:User-Name[*] -> 'root'
> (7)     } # update = noop
> (7)     [exec] = noop
> (7)     policy remove_reply_message_if_eap {
> (7)       if (&reply:EAP-Message && &reply:Reply-Message) {
> (7)       if (&reply:EAP-Message && &reply:Reply-Message)  -> TRUE
> (7)       if (&reply:EAP-Message && &reply:Reply-Message)  {
> (7)         update reply {
> (7)           &Reply-Message !* ANY
> (7)         } # update reply = noop
> (7)       } # if (&reply:EAP-Message && &reply:Reply-Message)  = noop
> (7)       ... skipping else: Preceding "if" was taken
> (7)     } # policy remove_reply_message_if_eap = noop
> (7)   } # post-auth = noop
> (7) Sent Access-Accept Id 83 from 0.0.0.0:2083 to 13.94.115.212:48186 length 0
> (7)   MS-MPPE-Recv-Key = 0x1ee8bbd31cd79fd4e98d946e946e1f976b7aaebd6e5412b4bab51b2e2d784c9c
> (7)   MS-MPPE-Send-Key = 0x4de6d0ddcf7a725afc0a7e4b7fb2478b5c59a76ac5689342d33fbcdb4787f2c7
> (7)   EAP-Message = 0x03070004
> (7)   Message-Authenticator = 0x00000000000000000000000000000000
> (7)   User-Name = "@idp.test.assent"
> (7)   Proxy-State = 0x30
> (7)   Moonshot-Host-TargetedId += "33127397-1bb6-5e95-8859-dfe76acfba67 at idp.test.assent"
> (7)   Moonshot-Realm-TargetedId += "abd0d71b-7294-5423-86b1-3fae0bd7b33a at idp.test.assent"
> (7)   Moonshot-TR-COI-TargetedId += "b40d0def-5b25-52bd-8d13-e6d22fa24648 at idp.test.assent"
> (7)   EAP-Channel-Binding-Message += 0x02002a01a40648545450a524736572766963652e6d6f6f6e73686f742d706c617970656e2e74692e6a612e6e6574
> (7)   User-Name += "root"
> (7) Finished request
> Thread 3 waiting to be assigned a request
> Waking up in 4.2 seconds.
> (0) Cleaning up request packet ID 222 with timestamp +5
> (1) Cleaning up request packet ID 207 with timestamp +5
> (2) Cleaning up request packet ID 84 with timestamp +5
> (3) Cleaning up request packet ID 66 with timestamp +5
> (4) Cleaning up request packet ID 35 with timestamp +5
> Closing TLS socket from client port 48186
> (0) >>> send TLS 1.2  [length 0002]
> Client has closed connection
> (5) Cleaning up request packet ID 183 with timestamp +5
> (6) Cleaning up request packet ID 189 with timestamp +5
> ... shutting down socket auth from client (13.94.115.212, 48186) -> (*, 2083, virtual-server=abfab-idp)
> (7) Cleaning up request packet ID 83 with timestamp +5
> Waking up in 2.9 seconds.
> ... cleaning up socket auth from client (13.94.115.212, 48186) -> (*, 2083, virtual-server=abfab-idp)
> Ready to process requests
> 
> -- log ends --
> 
> :-/
> 
> Stefan Paetow
> Consultant, Trust and Identity
> 
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: stefanp at jabber.dev.ja.net
> skype: stefan.paetow.janet
> 
> jisc.ac.uk
> 
> Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
> 

Stefan Paetow
Consultant, Trust and Identity

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet

jisc.ac.uk
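
A check for the symptom in the debug output quoted above, where one Access-Accept carries two User-Name values although RFC 2865 allows at most one. This is an added example, not part of the original post or of FreeRADIUS; the function name, the watched attribute set and the sample log (constructed in the same `radiusd -X` layout) are assumptions.

```python
import re
from collections import defaultdict

# Attributes RFC 2865 permits at most once in an Access-Accept
# (subset chosen for this example).
SINGLE_VALUED = {"User-Name", "Service-Type", "Session-Timeout", "Idle-Timeout"}

SENT = re.compile(r"^\((\d+)\)\s+Sent (\S+) Id \d+")
ATTR = re.compile(r"^\((\d+)\)\s{2,}([A-Za-z0-9-]+)\s*(?:\+=|:=|=)\s*(.+)$")

def duplicate_reply_attrs(log_text, watch=SINGLE_VALUED):
    """Return [(request, packet_code, attribute, [values])] for every watched
    attribute that occurs more than once in a single sent packet."""
    findings, req, code, attrs = [], None, None, None

    def flush():
        if attrs is not None:
            for name, values in attrs.items():
                if name in watch and len(values) > 1:
                    findings.append((req, code, name, values))

    for raw in log_text.splitlines():
        line = raw.lstrip("> ").rstrip()      # tolerate mail-quoted logs
        sent, attr = SENT.match(line), ATTR.match(line)
        if sent:                              # a new "Sent ..." block starts
            flush()
            req, code, attrs = int(sent.group(1)), sent.group(2), defaultdict(list)
        elif attrs is not None and attr and int(attr.group(1)) == req:
            attrs[attr.group(2)].append(attr.group(3).strip('"'))
        elif attrs is not None and line.startswith(f"({req})"):
            flush()                           # same request, block has ended
            attrs = None
    flush()
    return findings

# Constructed sample: request 7 shows the duplicate, request 8 is clean.
SAMPLE = """\
(7) Sent Access-Accept Id 83 from 192.0.2.1:2083 to 192.0.2.20:48186 length 0
(7)   EAP-Message = 0x03070004
(7)   User-Name = "@idp.example"
(7)   Reply-Message += "hello"
(7)   Reply-Message += "again"
(7)   User-Name += "root"
(7) Finished request
(8) Sent Access-Accept Id 84 from 192.0.2.1:2083 to 192.0.2.20:48186 length 0
(8)   User-Name = "alice@idp.example"
(8) Finished request
"""

if __name__ == "__main__":
    for finding in duplicate_reply_attrs(SAMPLE):
        print(finding)
```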