Cisco-AVPair regex
Kylián Martin
kylianm at plzen.eu
Fri Feb 23 10:44:04 CET 2018
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+kylianm=plzen.eu at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: Thursday, February 22, 2018 3:02 PM
> To: FreeRadius users mailing list
> Subject: Re: Cisco-AVPair regex
>
> On Feb 22, 2018, at 1:53 PM, Kylián Martin <kylianm at plzen.eu> wrote:
> > thanks for everything you do for the community .
>
> It's what I do... I'm not *always* cranky...
>
> > I am using the debian packages (currently 3.0.16+dfsg-1+b1 from the
> unstable release) and I'd love to keep this approach (because of the
> updates). I don't know how exactly the maintainer compile the FR packages,
> but i would not expect the pcre support as enabled during the compilation.
> > Does exist any other way for me how to enable the pcre support ?
>
> Install the pcre development headers. Then build FreeRADIUS from source
> yourself. Instructions are on the wiki for building a debian package.
>
I installed the libpcre3-dev package and compiled the latest v3.x code. So far the new build is behaving the same way in regex parsing.
There should be the "--with-pcre" and two more related options present as configuration switch, am i right?
It runned with:
./configure --build x86_64-linux-gnu \
--config-cache \
--disable-developer \
--disable-openssl-version-check \
--prefix=/usr \
--exec-prefix=/usr \
--mandir=/usr/share/man \
--sysconfdir=/etc \
--libdir=/usr/lib/freeradius \
--datadir=/usr/share \
--localstatedir=/var \
--with-raddbdir=/etc/freeradius \
--with-logdir=/var/log/freeradius \
--with-large-files \
--with-udpfromto \
--without-rlm_eap_tnc \
--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` \
--with-rlm_sql_postgresql_include_dir=`pg_config --includedir` \
--with-iodbc-include-dir='/usr/include/iodbc' \
--without-rlm_eap_ikev2 \
--without-rlm_sql_oracle \
--without-rlm_sql_unixodbc \
--enable-reproducible-builds
So I installed the wrong pcre-dev headers most likely. What is the correct pcre dev package for debian systems?
> >>
> >> Or, use another method to parse the Cisco-AVPairs. e.g. rlm_perl.
> >
> > This turned out to be ideal. Howerer, passing request to the perl script fails
> on the same thing - attributes are passed empty aswell.
> >
> > (11) Received Accounting-Request Id 57 from 192.168.241.30:34261 to
> 172.31.12.101:1813 length 393
> > ...
> > (11) Cisco-AVPair = "dhcp-option=\000\014\000\002MK"
> > (11) Cisco-AVPair = "http-tlv=\000\001\000\031iPhone10,2/11.2.5 (15D60)"
> > (11) # Executing section preacct from file /etc/freeradius/3.0/sites-
> enabled/default
> > (11) preacct {
> > (11) [preprocess] = ok
> > (11) sitmp-regex-parser: $RAD_REQUEST{'Cisco-AVPair'}[0] =
> &request:Cisco-AVPair -> 'audit-session-id=1ef1a8c000052ac48ab18e5a'
> > (11) sitmp-regex-parser: $RAD_REQUEST{'Cisco-AVPair'}[1] =
> &request:Cisco-AVPair -> 'dhcp-option='
> > (11) sitmp-regex-parser: $RAD_REQUEST{'Cisco-AVPair'}[2] =
> &request:Cisco-AVPair -> 'http-tlv='
>
> Hmm... I guess that expansion isn't binary safe. Oh well...
>
> >> Or, use the "unpack" module to unpack binary data. See raddb/mods-
> >> available/unpack for documentation.
> >
> > I did.
> >
> > I tried
> >
> > if (&Cisco-AVPair) {
> > foreach &Cisco-AVPair {
> > if ("%{unpack: &Foreach-Variable-0 0 short}" =~
> /${policy.device_regex}/i) {}
> > }
>
> That won't work. The Foreach-Variable can't be passed in expansions like
> that. Plus, even if it did work, you would be unpacking the first 2 bytes of the
> value. Which are ASCII, and not the number you want.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list