FreeRadius replaces characters in '%{User-Password}' after upgrade 3.0.16->3.0.19
belyj at belyj.eu
belyj at belyj.eu
Thu Jul 18 08:51:06 CEST 2019
(0) Received Access-Request Id 161 from 127.0.0.1:37025 to
127.0.0.1:1812 length 76
[50/862]
(0) User-Name = "p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw="
(0) NAS-Identifier = "nas-here"
(0) # Executing section authorize from file
/etc/freeradius/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
{
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
-> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name =
"p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
(0) sql: EXPAND %{User-Name}
(0) sql: --> p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=
(0) sql: SQL-User-Name set to
'p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw='
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D'
ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D' ORDER BY id
echo
"User-Name="p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=",NAS-Identifier=nas-here"
| radclient 127.0.0.1 auth testing123
same with username %{User-Name}, default install just enabled sql module
On 2019-07-17 16:58, Jorge Pereira wrote:
> Please share the entire debug output
>
>> On 17 Jul 2019, at 08:41, belyj at belyj.eu wrote:
>>
>> Hello.
>>
>> After upgrade from 3.0.16 to 3.0.19 freeradius is replacing characters
>> in mysql queries.
>>
>>
>> (76475085) Tue Jul 16 16:16:06 2019: Debug: Received Access-Request Id
>> 54 from length 126
>> (76475085) Tue Jul 16 16:16:06 2019: Debug: NAS-Identifier = "XXXX"
>> (76475085) Tue Jul 16 16:16:06 2019: Debug: User-Password =
>> "p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw="
>>
>> query
>>
>> ... xxx.value = '%{User-Password}' AND ...
>>
>>
>> (76475085) Tue Jul 16 16:16:06 2019: Debug: sql3: Executing select
>> query: SELECT ... xxx.value =
>> 'p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D' AND ...
>>
>> \+ is replaced and =3D added at the end.
>>
>> `p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=`
>>
>> `p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D`
>>
>> radiusd: FreeRADIUS Version 3.0.19 (git #1156b5361), for host
>> x86_64-pc-linux-gnu
>> FreeRADIUS Version 3.0.19
>>
>>
>> On 3.0.16 same config, same query, password is not changed.
>>
>>
>>
>>
>> Any help would be appreciated.
>>
>> Andrzej
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list