Config file include order bug?

Sven Hartge sven at svenhartge.de
Wed Jul 15 13:51:02 CEST 2020 

Hello!

I just noticed something strange with 3.0.21 from buster-backports.

I have a custom policy in policy.d/thm_rada uses another policy from 
policy.d/canonicalization and this works in my test system:

[...]
including files in directory /etc/freeradius/3.0/policy.d/
including configuration file /etc/freeradius/3.0/policy.d/control
including configuration file /etc/freeradius/3.0/policy.d/rfc7542
including configuration file /etc/freeradius/3.0/policy.d/canonicalization
including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
including configuration file /etc/freeradius/3.0/policy.d/dhcp
including configuration file /etc/freeradius/3.0/policy.d/thm_rada
including configuration file /etc/freeradius/3.0/policy.d/debug
including configuration file /etc/freeradius/3.0/policy.d/accounting
including configuration file /etc/freeradius/3.0/policy.d/eap
including configuration file /etc/freeradius/3.0/policy.d/cui
including configuration file /etc/freeradius/3.0/policy.d/filter
including configuration file 
/etc/freeradius/3.0/policy.d/moonshot-targeted-ids
including configuration file /etc/freeradius/3.0/policy.d/operator-name
including files in directory /etc/freeradius/3.0/sites-enabled/
including configuration file /etc/freeradius/3.0/sites-enabled/default
main {
  security {
         user = "freerad"
         group = "freerad"
[...]

Now I tar'ed and copied the whole /etc/freeradius/ structure to my new 
to-be-production system and this happens:

[...]
including files in directory /etc/freeradius/3.0/policy.d/
including configuration file /etc/freeradius/3.0/policy.d/eap
including configuration file /etc/freeradius/3.0/policy.d/control
including configuration file /etc/freeradius/3.0/policy.d/operator-name
including configuration file /etc/freeradius/3.0/policy.d/debug
including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
including configuration file /etc/freeradius/3.0/policy.d/thm_rada
/etc/freeradius/3.0/policy.d/thm_rada[6]: Reference 
"${policy.mac-addr-regexp}" not found
/etc/freeradius/3.0/policy.d/thm_rada[6]: Parse error expanding ${...} 
in condition
Errors reading or parsing /etc/freeradius/3.0/radiusd.conf
[...]

Notice how the load-order is different? It seems freeradius does not 
load the files in alphanumeric order but in the order the filesystem 
presents them, breaking the parsing of policy.d/thm_rada in this case 
because policy.d/canonicalization hasn't been parsed yet.

Is this known or am I doing something wrong?

The comment states "If policy A calls policy B, then B MUST be defined 
before A." which I am doing here, because "t" comes after "c" but it 
clearly isn't doing that.

Grüße,
Sven

More information about the Freeradius-Users mailing list