Cisco-AVPair regex
Kylián Martin
kylianm at plzen.eu
Fri Feb 23 12:56:26 CET 2018
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+kylianm=plzen.eu at lists.freeradius.org] On Behalf Of Matthew
> Newton
> Sent: Friday, February 23, 2018 12:26 PM
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Cisco-AVPair regex
>
> On Fri, 2018-02-23 at 17:21 +0600, Arran Cudbard-Bell wrote:
> > > On Feb 23, 2018, at 4:30 PM, Matthew Newton <mcn at freeradius.org>
> > > wrote:
> > > On Fri, 2018-02-23 at 09:44 +0000, Kylián Martin wrote:
> > > > So I installed the wrong pcre-dev headers most likely.
> > >
> > > What did the output from configure say?
> >
> > also radiusd -Xv will tell you which regex engine the server is
> > using.
>
> radiusd -Xxv
The output looks good:
Fri Feb 23 12:44:09 2018 : Info: radiusd: FreeRADIUS Version 3.0.17 (git #86e1e83b7), for host x86_64-pc-linux-gnu
Fri Feb 23 12:44:09 2018 : Debug: Server was built with:
Fri Feb 23 12:44:09 2018 : Debug: accounting : yes
Fri Feb 23 12:44:09 2018 : Debug: authentication : yes
Fri Feb 23 12:44:09 2018 : Debug: ascend-binary-attributes : yes
Fri Feb 23 12:44:09 2018 : Debug: coa : yes
Fri Feb 23 12:44:09 2018 : Debug: control-socket : yes
Fri Feb 23 12:44:09 2018 : Debug: detail : yes
Fri Feb 23 12:44:09 2018 : Debug: dhcp : yes
Fri Feb 23 12:44:09 2018 : Debug: dynamic-clients : yes
Fri Feb 23 12:44:09 2018 : Debug: osfc2 : no
Fri Feb 23 12:44:09 2018 : Debug: proxy : yes
Fri Feb 23 12:44:09 2018 : Debug: regex-pcre : yes
Fri Feb 23 12:44:09 2018 : Debug: regex-posix : no
Fri Feb 23 12:44:09 2018 : Debug: regex-posix-extended : no
Fri Feb 23 12:44:09 2018 : Debug: session-management : yes
Fri Feb 23 12:44:09 2018 : Debug: stats : yes
Fri Feb 23 12:44:09 2018 : Debug: tcp : yes
Fri Feb 23 12:44:09 2018 : Debug: threads : yes
Fri Feb 23 12:44:09 2018 : Debug: tls : yes
Fri Feb 23 12:44:09 2018 : Debug: unlang : yes
Fri Feb 23 12:44:09 2018 : Debug: vmps : yes
Fri Feb 23 12:44:09 2018 : Debug: developer : no
Fri Feb 23 12:44:09 2018 : Debug: Server core libs:
Fri Feb 23 12:44:09 2018 : Debug: freeradius-server : 3.0.17
Fri Feb 23 12:44:09 2018 : Debug: talloc : 2.0.*
Fri Feb 23 12:44:09 2018 : Debug: ssl : 1.1.0f release
Fri Feb 23 12:44:09 2018 : Debug: pcre : 8.39 2016-06-14
Fri Feb 23 12:44:09 2018 : Debug: Endianness:
Fri Feb 23 12:44:09 2018 : Debug: little
Fri Feb 23 12:44:09 2018 : Debug: Compilation flags:
Fri Feb 23 12:44:09 2018 : Debug: cppflags : -Wdate-time -D_FORTIFY_SOURCE=2
Fri Feb 23 12:44:09 2018 : Debug: cflags : -I. -Isrc -include src/freeradius-devel/autoconf.h -include src/freeradius-devel/build.h -include src/freeradius-devel/features.h -include src/freeradius-devel/radpaths.h -fno-strict-aliasing -g -O2 -fdebug-prefix-map=/root/freeradius-server=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
Fri Feb 23 12:44:09 2018 : Debug: ldflags : -Wl,-z,relro
Fri Feb 23 12:44:09 2018 : Debug: libs : -lcrypto -lssl -ltalloc -lpcre -lcap -lnsl -lresolv -ldl -lpthread -lreadline
Here is the unlang snippet:

device_regex = '^(http-tlv=){1}([\\][0-9]{1,3}){1,5}(.*)$'

regex_device_type {
    if (&Cisco-AVPair) {
        foreach &Cisco-AVPair {
            if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) {
                update request {
                    &Calling-Device += "%{3} "
                }
            }
        }
    }
}

These attributes:

(11) Cisco-AVPair = "audit-session-id=1ef1a8c0000536beb5ff8f5a"
(11) Cisco-AVPair = "dhcp-option=\000\014\000\002MK"
(11) Cisco-AVPair = "http-tlv=\000\001\000\031iPhone10,2/11.2.5 (15D60)"

are expanded as:

(11) policy regex_device_type {
(11) if (&Cisco-AVPair) {
(11) if (&Cisco-AVPair) -> TRUE
(11) if (&Cisco-AVPair) {
(11) foreach &Cisco-AVPair
(11) if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) {
(11) EXPAND Foreach-Variable-0
(11) --> audit-session-id=1ef1a8c0000536beb5ff8f5a
(11) EXPAND %{string:%{Foreach-Variable-0}}
(11) -->
(11) if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) -> FALSE
(11) if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) {
(11) EXPAND Foreach-Variable-0
(11) --> dhcp-option=
(11) EXPAND %{string:%{Foreach-Variable-0}}
(11) -->
(11) if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) -> FALSE
(11) if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) {
(11) EXPAND Foreach-Variable-0
(11) --> http-tlv=
(11) EXPAND %{string:%{Foreach-Variable-0}}
(11) -->
(11) if ("%{string:%{Foreach-Variable-0}}" =~ /{policy.device_regex}/i) -> FALSE
(11) } # foreach &Cisco-AVPair = ok
(11) } # if (&Cisco-AVPair) = ok
(11) } # policy regex_device_type = ok

I also suspected the foreach itself, but the following snippet produces the same expansion:

regex_device_type {
    if (&Cisco-AVPair[2]) {
        if ("%{Cisco-AVPair[2]}" =~ /{policy.device_regex}/i) {
            update request {
                &Calling-Device += "%{3} "
            }
        }
    }
}
>
> --
> Matthew
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
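
Added example (not part of the original post and not FreeRADIUS code): the debug lines above show Foreach-Variable-0 expanding to "http-tlv=" only, which is the text before the first \000 in the attribute. The Python sketch below compares the posted regex against the printed (backslash-escaped) form and against the raw bytes, and reads the value as a TLV. The 2-byte type / 2-byte length layout is an assumption inferred from the sample values on this page, and all function names are hypothetical.

```python
import re
import struct

# Pattern copied from the post (policy.device_regex); the policy applies it with /i.
DEVICE_REGEX = re.compile(r'^(http-tlv=){1}([\\][0-9]{1,3}){1,5}(.*)$', re.I)

# Constructed sample: the attribute text exactly as the debug log prints it.
PRINTED = r'http-tlv=\000\001\000\031iPhone10,2/11.2.5 (15D60)'


def unescape_octal(printed: str) -> bytes:
    # Turn each printed \ooo escape back into the single byte it stands for.
    return re.sub(rb'\\([0-3][0-7]{2})',
                  lambda m: bytes([int(m.group(1), 8)]),
                  printed.encode('latin-1'))


def c_string_view(raw: bytes) -> bytes:
    # Model of NUL-terminated string handling: stop at the first 0x00 byte.
    return raw.split(b'\x00', 1)[0]


def device_from_regex(text: str):
    # Return capture group 3 (what the policy stores as %{3}), or None.
    m = DEVICE_REGEX.match(text)
    return m.group(3) if m else None


def parse_tlv(raw: bytes):
    # Assumed layout: name '=' type(2 bytes) length(2 bytes, big-endian) value.
    name, _, body = raw.partition(b'=')
    if len(body) < 4:
        return None
    tlv_type, length = struct.unpack('!HH', body[:4])
    value = body[4:]
    if len(value) != length:
        return None  # declared length does not fit: not a TLV-style value
    return name.decode('ascii'), tlv_type, value.decode('latin-1')


if __name__ == '__main__':
    raw = unescape_octal(PRINTED)
    print('printed form  :', device_from_regex(PRINTED))
    print('raw bytes     :', device_from_regex(raw.decode('latin-1')))
    print('C-string view :', c_string_view(raw))
    print('TLV parse     :', parse_tlv(raw))
```

The regex captures the device string only from the escaped text form; on the raw bytes, and on the text cut at the first NUL, it finds nothing, while the length-prefixed parse recovers the payload without relying on the escapes.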