(RADIATOR) Radiator dying on unusual usernames
Mike McCauley
mikem at open.com.au
Thu Jul 31 19:17:45 CDT 2003
Hello Barry,
thanks for reporting this issue.
We have not been able to reproduce this here yet, but it looks like your
version of perl is doing some platform specific sprintf conversions.
What platform are you running on?
Can you send me the output of 'perl -V'.
Cheers.
On Thu, 31 Jul 2003 11:28 am, Hugh Irvine wrote:
> Hello Barry -
>
> You can use the global UsernameCharset parameter in the configuration
> file to restrict usernames to a defined set of characters (and reject
> anything else). See section 6.4.30 in the Radiator 3.6 reference manual
> ("doc/ref.html").
>
> I have also copied Mike on this mail, as he may have other comments.
>
> BTW - you will sometimes see username and password strings like you
> show below from modems that have not trained properly and give you
> rubbish.
>
> regards
>
> Hugh
>
>
> On Thursday, Jul 31, 2003, at 10:40 Australia/Melbourne, Barry Brown
>
> wrote:
> > Hi,
> >
> > We just installed Radiator and are running into situations where it
> > just rolls over and dies. Sometimes it happens after just a few hours,
> > sometime I have to wait a day or so. The latest incident happened a
> > few hours ago and I captured it on the console and in log files. It
> > looks like Syslog.pm is choking on the data it's being given. It could
> > be because of the garbage username and password. I can't say for sure
> > whether the previous incidents were caused by the same thing since I
> > didn't have the log files set up to capture them.
> >
> > Should radiator be sanitizing the data before working with it?
> >
> > Thanks,
> >
> > Barry
> >
> >
> >
> > Console output:
> >
> > bobbidi root # radiusd -config_file /etc/radiusd.conf -foreground
> > Modification of a read-only value attempted at
> > /usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296.
> > Attempt to free unreferenced scalar during global destruction.
> >
> >
> > Configuration file (no secrets):
> >
> > #Foreground
> > #LogStdout
> > LogDir /var/log/radius
> > DbDir /etc/raddb
> > PidFile /var/run/radiusd/radiusd.pid
> > # User a lower trace level in production systems:
> > Trace 4
> > AuthPort 1645,1812
> > AcctPort 1646,1813
> >
> > <ClientListSQL>
> > DBSource dbi:mysql:radius:123.4.5.6
> > DBUsername XXXXXX
> > DBAuth XXXXXXXX
> > GetClientQuery select ipaddr,secret from nas
> > </ClientListSQL>
> >
> > <Realm DEFAULT>
> > <AuthBy SQL>
> > DBSource dbi:mysql:radius:123.4.5.6
> > DBUsername XXXXXX
> > DBAuth XXXXXXX
> > AuthSelect select Value from radcheck where UserName =
> > %0
> > AuthColumnDef 0, User-Password, check
> > AddToReply Service-Type=Framed-User,\
> > Framed-Protocol=PPP,\
> > Framed-Compression=Van-Jacobsen-TCP-IP
> > </AuthBy>
> >
> > PasswordLogFileName /var/log/radius/password.log
> >
> > <AuthLog SYSLOG>
> > Facility user
> > Priority info
> > LogSuccess 0
> > LogFailure 1
> > # The defaults for below are %1:%U:%P:OK and
> > %1:%U:%P:FAIL
> > SuccessFormat %U:OK
> > FailureFormat %U:%P:FAIL
> > </AuthLog>
> > #<AuthLog SQL>
> > # DBSource dbi:mysql:radius:123.4.5.6
> > # DBUsername XXXXXXX
> > # DBAuth XXXXXXX
> > #</AuthLog>
> > </Realm>
> >
> >
> > Last few lines of the authlog (generated by syslog):
> >
> > Jul 30 11:23:53 bobbidi /usr/bin/radiusd[11372]: had-e::FAIL: No such
> > user
> > Jul 30 11:24:43 bobbidi /usr/bin/radiusd[11372]: ::FAIL: No such user
> > Jul 30 11:25:59 bobbidi /usr/bin/radiusd[11372]: ::FAIL: No such user
> > Jul 30 11:26:10 bobbidi /usr/bin/radiusd[11372]: smsshanghai::FAIL:
> > Bad Password
> > Jul 30 11:26:51 bobbidi /usr/bin/radiusd[11372]: john23::FAIL: Bad
> > Password
> > Jul 30 11:28:45 bobbidi /usr/bin/radiusd[11372]: john23::FAIL: Bad
> > Password
> > Jul 30 11:29:26 bobbidi /usr/bin/radiusd[11372]:
> > EBR=11-~d44KlN0mu#-k7}R%A-m1UfLp:G*t\?yBzb|.3\'>Ccp4&&#Rn\anJ{N/
> > \(s[+5yx+<x#5a\Q2!i|7U6{:E!'5&>:FAIL: No such user
> > Jul 30 11:29:26 bobbidi /usr/bin/radiusd[11372]: k-5TK:0I:FAIL: No
> > such user
> >
> > Finally, the last few entries from the logfile:
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Received from 66.81.0.128 port 3598 ....
> > Code: Access-Request
> > Identifier: 192
> > Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
> > Attributes:
> > User-Name = "EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp"
> > NAS-IP-Address = 66.81.7.27
> > NAS-Port = 27213
> > NAS-Port-Type = Async
> > Service-Type = Login-User
> > Calling-Station-Id = "5306761012"
> > Ascend-Calling-Id-Type-Of-Num = Unknown
> > Ascend-Calling-Id-Number-Plan = Unknown
> > Called-Station-Id = "5305031325"
> > Acct-Session-Id = "401591860"
> > Ascend-Data-Rate = 26400
> > Ascend-Xmit-Rate = 26400
> > User-Password =
> > "A<28><240><183><10>3Yi<192>K<162><2><3>U7m<181>s<186>6<214><14>2<188>L
> > <221>h<185>~<7>{<236><4>$
> > <237><245><245><26><168>q<196><8><30>~@w<226>70I<226><251><8>)"N<227><5
> >
> > >k<17>4=<21>"
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for
> > EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp, 66.81.7.27, 27213
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName = 'EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp'':
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with
> > EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName = 'DEFAULT'':
> >
> > Wed Jul 30 11:29:26 2003: INFO: Access rejected for
> > EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp: No such user
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Sending to 66.81.0.128 port 3598 ....
> > Code: Access-Reject
> > Identifier: 192
> > Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
> > Attributes:
> > Reply-Message = "Request Denied"
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Received from 66.81.0.128 port 3598 ....
> > Code: Access-Request
> > Identifier: 193
> > Authentic: <175>l<22><253><21>NP<243><203><233>Elm<13><<143>
> > Attributes:
> > User-Name = "alewis"
> > NAS-IP-Address = 66.81.7.11
> > NAS-Port = 26724
> > NAS-Port-Type = Async
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Calling-Station-Id = "5302724813"
> > Ascend-Calling-Id-Type-Of-Num = Unknown
> > Ascend-Calling-Id-Number-Plan = Unknown
> > Called-Station-Id = "5302051325"
> > Acct-Session-Id = "398300071"
> > Ascend-Endpoint-Disc =
> > "<1><204><25>[<3>x<226>D<<162><13>O<133><195>><29>:"
> > Ascend-Data-Rate = 26400
> > Ascend-Xmit-Rate = 50667
> > User-Password =
> > ";<182><168><225><243><146>L*'8<251>t<161><191><127><164>"
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for lewis,
> > 66.81.7.11, 26724
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName = 'alewis'':
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with
> > alewis
> > Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL ACCEPT:
> > Wed Jul 30 11:29:26 2003: DEBUG: Access accepted for alewis
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Sending to 66.81.0.128 port 3598 ....
> > Code: Access-Accept
> > Identifier: 193
> > Authentic: <175>l<22><253><21>NP<243><203><233>Elm<13><<143>
> > Attributes:
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-Compression = Van-Jacobsen-TCP-IP
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Received from 66.81.0.128 port 3598 ....
> > Code: Access-Request
> > Identifier: 195
> > Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
> > Attributes:
> > User-Name = "k-5TK"
> > NAS-IP-Address = 66.81.7.27
> > NAS-Port = 27213
> > NAS-Port-Type = Async
> > Service-Type = Login-User
> > Calling-Station-Id = "5306761012"
> > Ascend-Calling-Id-Type-Of-Num = Unknown
> > Ascend-Calling-Id-Number-Plan = Unknown
> > Called-Station-Id = "5305031325"
> > Acct-Session-Id = "401591860"
> > Ascend-Data-Rate = 26400
> > Ascend-Xmit-Rate = 26400
> > User-Password = "6<127><132><235>5J<27><19><162>7<140>1_r<9>."
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for k-5TK,
> > 66.81.7.27, 27213
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName = 'k-5TK'':
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with
> > k-5TK
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName = 'DEFAULT'':
> >
> > Wed Jul 30 11:29:26 2003: INFO: Access rejected for k-5TK: No such user
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Sending to 66.81.0.128 port 3598 ....
> > Code: Access-Reject
> > Identifier: 195
> > Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
> > Attributes:
> > Reply-Message = "Request Denied"
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
> > *** Received from 66.81.0.128 port 3598 ....
> > Code: Access-Request
> > Identifier: 196
> > Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
> > Attributes:
> > User-Name =
> > "R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9"
> > NAS-IP-Address = 66.81.7.27
> > NAS-Port = 27213
> > NAS-Port-Type = Async
> > Service-Type = Login-User
> > Calling-Station-Id = "5306761012"
> > Ascend-Calling-Id-Type-Of-Num = Unknown
> > Ascend-Calling-Id-Number-Plan = Unknown
> > Called-Station-Id = "5305031325"
> > Acct-Session-Id = "401591860"
> > Ascend-Data-Rate = 26400
> > Ascend-Xmit-Rate = 26400
> > User-Password =
> > "IV<236><168><13>4!x<139>z<175>EiT7z<22>f<24><131><163><155><141>^<247>
> > <5>L~<244><252>7M|<219>]U<196>:<247><164><234><155><172><146>:<186><140
> >
> > ><247><168>2B<134><174><166>w<205><31><146><184><239><142>#<144>7<216>v
> >
> > <231><220><160>>Q<127><22><196><184><247>y<240>#{&ok<169>e<145><232><20
> > 1><155><205><29>$<177>me<179><143><218>o?v<20><6><211>e<175><27><200><1
> > 29><220><21><207>%x<206>v<222>_<202><27><168>Q{`7<224>.)<23><143>d8<8><
> > 169><211>?V<254>c{<253><20>6<199><30>!<22>x<141><7><136><159><168><211>
> > <190>)f<20>J"
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for
> > R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9, 66.81.7.27,
> > 27213
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
> > Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName =
> > 'R99%KDF{j\"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9'':
> >
> > Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with
> > R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9
> > Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck
> > where UserName = 'DEFAULT'':
> >
> > Wed Jul 30 11:29:26 2003: INFO: Access rejected for
> > R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9: No such > user
> >
> >
> > A few lines from Syslog.pm around line 296:
> >
> > unless ($whoami) {
> > ($whoami = getlogin) ||
> > ($whoami = getpwuid($<)) ||
> > ($whoami = 'syslog');
> > }
> >
> > $whoami .= "[$$]" if $lo_pid;
> >
> > $mask =~ s/%m/$!/g;
> > $mask .= "\n" unless $mask =~ /\n$/;
> > $message = sprintf ($mask, @_); # <-- This is 296
> >
> > $sum = $numpri + $numfac;
> > my $buf = "<$sum>$whoami: $message\0";
> >
> > # it's possible that we'll get an error from sending
> > # (e.g. if method is UDP and there is no UDP listener,
> > # then we'll get ECONNREFUSED on the send). So what we
> > # want to do at this point is to fallback onto a different
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list