(RADIATOR) Radiator crashes from garbage user name input

David Miller dmiller at newportnet.com
Thu Mar 14 17:25:26 CST 2002 

Hi all:
I work at a small ISP and we use Radiator (2.19) running on RedHat Linux 
(7.1) to authenticate dial-up users onto our system. Today for the first 
time since we started using Radiator it died unexpectedly on the primary 
and secondary servers. The last line to be logged from each server was the 
same, a failed login that contained nothing but garbage as the user name 
(we see these all the time from windows boxes that are in bad need of a 
reboot). Since the last line in each log was the same I did a little 
testing with radpwtst and found the following string, when supplied as the 
user name, will kill Radiator every time in our environment.

~?~?~&fn,uv~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?b0%sjgr~?~?~?~

This came as quite a surprise as we have been running Radiator here for six 
months and never experienced even so much as a hiccup. Any light that 
someone could shed on this would be appreciated. I have started exploring 
the use of the restartWrapper to restart Radiator in the event of a repeat 
occurance. Thanks for a great product and superb support.

Regards,
David Miller
System Engineer -- Newport Internet
dmiller at newportnet.com


config file follows:
-------------------------------------------
# radius.cfg
# Created for use at Newport Internet
# Author: David Miller (dmiller at newportnet.com)
#
# Uses replicated MySql session database on localhost and 10.10.10.18 using
# private network address. RADONLINE table must have columns for the
# rewritten user name (USERNAME), and user name as supplied by the NAS
# (NASUSERNAME).
# Uses snmpget program to verify DefaultSimultaneous-Use violations
# Uses SNMPAgent clause to allow snmp queries of Radiator server.
# Logs accounting packets to the details file, as well as the ACCOUNTING
# table of the RADIUS database.
# Logs log messages to RADLOG table of RADIUS database.
#
#=====================
# Global Parameters
#=====================
LogDir /var/log/radius
DbDir /etc/radiator/raddb

AuthPort 1645
AcctPort 1646

# User a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 3
#Trace 5

# Log file, in form of logfile.dd_Mmm_yyy
LogFile %L/logfile.%d_%v_%Y

# Username Rewrite Rules. Strip off realm name, change to lowercase, and remove
# any whitespace.
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
RewriteUsername s/\s+//g

# location of snmpget program
SnmpgetProg /usr/bin/snmpget

# must define LivingstonHole as 0 to get snmpget to work properly
LivingstonHole 0

# SNMP Agent -- allow snmp queries of Radiator server
<SNMPAgent>
ROCommunity xxxxxxx
BindAddress 10.10.10.17
Managers 10.10.10.122 localhost
</SNMPAgent>

#===========
# Clients
#===========
<Client aaa.bbb.ccc.ddd>
Secret xxxxxx
DupInterval 2
NasType Portmaster3
SNMPCommunity xxxxxx
</Client>

<Client aaa.bbb.ccc.eee>
Secret xxxxxx
DupInterval 2
NasType Portmaster3
SNMPCommunity xxxxxx
</Client>

<Client aaa.bbb.ccc.fff>
Secret xxxxxx
DupInterval 2
NasType Portmaster3
SNMPCommunity xxxxxx
</Client>

<Client aaa.bbb.ccc.ggg>
Secret xxxxxx
DupInterval 2
NasType Portmaster3
SNMPCommunity xxxxxx
</Client>

#===============
# test clients
#===============
<Client aaa.bbb.ccc.hhh>
Secret xxxxxx
</Client>

<Client 127.0.0.1>
Secret xxxxxx
</Client>

#===============
# SQL Logger
#===============
<Log SQL>
Identifier SQLLogger
DBSource dbi:mysql:RADIUS
DBUsername raduser
DBAuth xxxxxx

Table RADLOG
LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) \
values ('%Y-%m-%d %H:%M:%S', '%1', %2 );
Trace 3
</Log SQL>

#==================
# Session Database
#==================
<SessionDatabase SQL>
Identifier RadiusSessionDB
# primary (localhost) session database
DBSource dbi:mysql:RADIUS
DBUsername raduser
DBAuth xxxxxx

# secondary session database
DBSource dbi:mysql:RADIUS:10.10.10.18
DBUsername raduser
DBAuth xxxxxx

AddQuery insert into RADONLINE \
(USERNAME, NASUSERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
ACCTDELAYTIME, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) \
values ('%n', '%u', '%N', '0%{NAS-Port}', \
'%{Acct-Session-Id}', '%{Timestamp}', \
'%{Acct-Delay-Time}', '%{Framed-IP-Address}', \
'%{NAS-Port-Type}', '%{Service-Type}');

DeleteQuery delete from RADONLINE \
where NASIDENTIFIER = '%N' and NASPORT = '0%{NAS-Port}';

ClearNasQuery delete from RADONLINE where NASIDENTIFIER = '%N';

CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
where USERNAME = '%n';
</SessionDatabase SQL>

#==================
# AuthBy clauses
#==================
<AuthBy SQL>
Identifier SQLAccountingStarts
DBSource dbi:mysql:RADIUS
DBUsername raduser
DBAuth xxxxxx

# empty AuthSelect clause, no authentication
AuthSelect
# we only want starts
AccountingStartsOnly

#Accounting table definition
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef TIME_STAMP, Timestamp, integer
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
AcctColumnDef ACCTSESSIONID, Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause, integer
AcctColumnDef NASIDENTIFIER, NAS-IP-Address
AcctColumnDef NASPORT, NAS-Port, integer
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
</AuthBy>

<AuthBy SQL>
Identifier SQLAccountingStops
DBSource dbi:mysql:RADIUS
DBUsername raduser
DBAuth xxxxxx

# empty AuthSelect clause, no authentication
AuthSelect

# we only want stop packets
AccountingStopsOnly

#Accounting table definition
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef TIME_STAMP, Timestamp, integer
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
AcctColumnDef ACCTSESSIONID, Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause, integer
AcctColumnDef NASIDENTIFIER, NAS-IP-Address
AcctColumnDef NASPORT, NAS-Port, integer
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address

# AcctSQL Statements
</AuthBy>

<AuthBy FILE>
Identifier UserFile
Filename %D/users
CaseInsensitivePasswords # passwords case insensitive
DefaultSimultaneousUse 1 # Can be overridden on a per user basis.
</AuthBy>

#==================
# Realms
#==================
<Realm DEFAULT>
# Session Database to use
SessionDatabase RadiusSessionDB

# AuthBy Policy -- we continue always
AuthByPolicy ContinueAlways

AuthBy SQLAccountingStarts
AuthBy SQLAccountingStops
AuthBy UserFile

# Log accounting to a detail file
# Detail filename in form of detail.dd_Mmm_yyy
AcctLogFileName %L/detail.%d_%v_%Y
</Realm>



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list