Cisco-AVPair regex

Alan DeKok aland at deployingradius.com
Thu Feb 22 15:02:29 CET 2018


On Feb 22, 2018, at 1:53 PM, Kylián Martin <kylianm at plzen.eu> wrote:
> thanks for everything you do for the community .

  It's what I do... I'm not *always* cranky...

> I am using the debian packages (currently 3.0.16+dfsg-1+b1 from the unstable release) and I'd love to keep this approach (because of the updates). I don't know how exactly the maintainer compile the FR packages, but i would not expect the pcre support as enabled during the compilation.
> Does exist any other way for me how to enable the pcre support ? 

  Install the pcre development headers.  Then build FreeRADIUS from source yourself.  Instructions are on the wiki for building a debian package.

>> 
>>  Or, use another method to parse the Cisco-AVPairs.  e.g. rlm_perl.
> 
> This turned out to be ideal. Howerer, passing request to the perl script fails on the same thing - attributes are passed empty aswell.
> 
> (11) Received Accounting-Request Id 57 from 192.168.241.30:34261 to 172.31.12.101:1813 length 393
> ...
> (11)   Cisco-AVPair = "dhcp-option=\000\014\000\002MK"
> (11)   Cisco-AVPair = "http-tlv=\000\001\000\031iPhone10,2/11.2.5 (15D60)"
> (11) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
> (11)   preacct {
> (11)     [preprocess] = ok
> (11) sitmp-regex-parser:   $RAD_REQUEST{'Cisco-AVPair'}[0] = &request:Cisco-AVPair -> 'audit-session-id=1ef1a8c000052ac48ab18e5a'
> (11) sitmp-regex-parser:   $RAD_REQUEST{'Cisco-AVPair'}[1] = &request:Cisco-AVPair -> 'dhcp-option='
> (11) sitmp-regex-parser:   $RAD_REQUEST{'Cisco-AVPair'}[2] = &request:Cisco-AVPair -> 'http-tlv='

  Hmm... I guess that expansion isn't binary safe.  Oh well...

>>  Or, use the "unpack" module to unpack binary data.  See raddb/mods-
>> available/unpack for documentation.
> 
> I did.
> 
> I tried
> 
>        if (&Cisco-AVPair) {
>                foreach &Cisco-AVPair {
>                        if ("%{unpack: &Foreach-Variable-0 0 short}" =~ /${policy.device_regex}/i) {}
>       }

  That won't work.  The Foreach-Variable can't be passed in expansions like that.  Plus, even if it did work, you would be unpacking the first 2 bytes of the value.  Which are ASCII, and not the number you want.

  Alan DeKok.




More information about the Freeradius-Users mailing list