Cisco-AVPair regex

Kylián Martin kylianm at plzen.eu
Fri Feb 23 10:44:04 CET 2018


> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+kylianm=plzen.eu at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: Thursday, February 22, 2018 3:02 PM
> To: FreeRadius users mailing list
> Subject: Re: Cisco-AVPair regex
> 
> On Feb 22, 2018, at 1:53 PM, Kylián Martin <kylianm at plzen.eu> wrote:
> > Thanks for everything you do for the community.
> 
>   It's what I do... I'm not *always* cranky...
> 
> > I am using the debian packages (currently 3.0.16+dfsg-1+b1 from the
> > unstable release) and I'd love to keep this approach (because of the
> > updates). I don't know how exactly the maintainer compiles the FR packages,
> > but I would not expect the pcre support to be enabled during the compilation.
> > Is there any other way for me to enable the pcre support?
> 
>   Install the pcre development headers.  Then build FreeRADIUS from source
> yourself.  Instructions are on the wiki for building a debian package.
> 

I installed the libpcre3-dev package and compiled the latest v3.x code. So far the new build is behaving the same way in regex parsing.
There should be the "--with-pcre" and two more related options present as configuration switches, am I right?

It ran with:
./configure --build x86_64-linux-gnu \
        --config-cache \
        --disable-developer \
        --disable-openssl-version-check \
        --prefix=/usr \
        --exec-prefix=/usr \
        --mandir=/usr/share/man \
        --sysconfdir=/etc \
        --libdir=/usr/lib/freeradius \
        --datadir=/usr/share \
        --localstatedir=/var \
        --with-raddbdir=/etc/freeradius \
        --with-logdir=/var/log/freeradius \
        --with-large-files \
        --with-udpfromto \
        --without-rlm_eap_tnc \
        --with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` \
        --with-rlm_sql_postgresql_include_dir=`pg_config --includedir` \
        --with-iodbc-include-dir='/usr/include/iodbc' \
        --without-rlm_eap_ikev2 \
        --without-rlm_sql_oracle \
        --without-rlm_sql_unixodbc \
        --enable-reproducible-builds


So I installed the wrong pcre-dev headers most likely. What is the correct pcre dev package for debian systems?



> >>
> >>  Or, use another method to parse the Cisco-AVPairs.  e.g. rlm_perl.
> >
> > This turned out to be ideal. However, passing the request to the perl script fails
> > on the same thing - attributes are passed empty as well.
> >
> > (11) Received Accounting-Request Id 57 from 192.168.241.30:34261 to 172.31.12.101:1813 length 393
> > ...
> > (11)   Cisco-AVPair = "dhcp-option=\000\014\000\002MK"
> > (11)   Cisco-AVPair = "http-tlv=\000\001\000\031iPhone10,2/11.2.5 (15D60)"
> > (11) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
> > (11)   preacct {
> > (11)     [preprocess] = ok
> > (11) sitmp-regex-parser:   $RAD_REQUEST{'Cisco-AVPair'}[0] = &request:Cisco-AVPair -> 'audit-session-id=1ef1a8c000052ac48ab18e5a'
> > (11) sitmp-regex-parser:   $RAD_REQUEST{'Cisco-AVPair'}[1] = &request:Cisco-AVPair -> 'dhcp-option='
> > (11) sitmp-regex-parser:   $RAD_REQUEST{'Cisco-AVPair'}[2] = &request:Cisco-AVPair -> 'http-tlv='
> 
>   Hmm... I guess that expansion isn't binary safe.  Oh well...
> 
> >>  Or, use the "unpack" module to unpack binary data.
> >>  See raddb/mods-available/unpack for documentation.
> >
> > I did.
> >
> > I tried
> >
> >        if (&Cisco-AVPair) {
> >                foreach &Cisco-AVPair {
> >                        if ("%{unpack: &Foreach-Variable-0 0 short}" =~ /${policy.device_regex}/i) {}
> >                }
> >        }
> 
>   That won't work.  The Foreach-Variable can't be passed in expansions like
> that.  Plus, even if it did work, you would be unpacking the first 2 bytes of the
> value.  Which are ASCII, and not the number you want.
> 
>   Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
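
The two binary Cisco-AVPair values from the debug output above, decoded offline in Python as an added example (not part of the original message and not FreeRADIUS code). It assumes the layout those two values suggest, a 2-byte big-endian type and a 2-byte big-endian length followed by the value, and that the server prints raw bytes as \NNN octal escapes; the function names are hypothetical.

```python
import re
import struct

# Constructed sample: the two attribute values exactly as printed in the
# debug output quoted in this thread (raw bytes shown as \NNN octal escapes).
SAMPLES = [
    r"dhcp-option=\000\014\000\002MK",
    r"http-tlv=\000\001\000\031iPhone10,2/11.2.5 (15D60)",
]

_OCTAL = re.compile(rb"\\([0-3][0-7]{2})")

def unescape(printed: str) -> bytes:
    """Turn the debug-log form (\\NNN octal escapes) back into raw bytes."""
    return _OCTAL.sub(lambda m: bytes([int(m.group(1), 8)]),
                      printed.encode("latin-1"))

def leading_short(value: bytes) -> int:
    """What unpacking a 'short' at offset 0 of the whole value reads: the
    first two ASCII bytes of the name, not the TLV type."""
    return struct.unpack_from("!H", value, 0)[0]

def parse_avpair(value: bytes):
    """Split 'name=<TLVs>' and decode each TLV; NUL bytes are ordinary data.
    Assumption: TLV = 2-byte type, 2-byte length (big-endian), then value."""
    name, sep, blob = value.partition(b"=")
    if not sep:
        raise ValueError("no '=' in Cisco-AVPair")
    tlvs, off = [], 0
    while off < len(blob):
        if len(blob) - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("TLV length exceeds attribute")
        tlvs.append((tlv_type, blob[off:off + length]))
        off += length
    return name.decode("ascii"), tlvs

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_avpair(unescape(sample)))
```

Slicing by the declared length, with a bounds check, is what keeps the bytes after the first NUL; a C-string style copy stops at `=` because the next byte is `\000`, which matches the empty values seen in the rlm_perl output.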


