[RADIATOR] unpackRadiusAttrs eating useful data

Tarko Tikan tarko at estpak.ee
Tue Aug 17 00:51:50 CDT 2010


hey,

> The problem here is due to "00" being used in an ASCII string.

That is what I was thinking aswell. But the strange thing is that if I change 00 0a into 00 0b everything works:
Tue Aug 17 05:45:31 2010: WARNING: pre strip: 00 04 05 dc 00 0b
Tue Aug 17 05:45:31 2010: WARNING: post strip: 00 04 05 dc 00 0b

And 01 0a ofc works aswell:
Tue Aug 17 05:46:20 2010: WARNING: pre strip: 00 04 05 dc 01 0a
Tue Aug 17 05:46:20 2010: WARNING: post strip: 00 04 05 dc 01 0a

Also, the string itself is not ending with \0 and should not match \0+$

> RFC4679 (http://www.ietf.org/rfc/rfc4679.txt) indicates that this attribute should be a printable string - hence our definition as "string".
> If you want to get at the binary data you should change the dictionary definition to "binary".

Thats probably the right way, or patch our installation :)

> Although a better solution would be to get the attribute sent in the fashion indicated by the RFC.

Someone should tell this to Cisco :) Actually the setup is bit more complicated, cisco is only doing dhcp snooping and inserting agent/circuit-id with binary data, another vendors box is picking it up on the wire and doing radius authentication. But not much can be done in the second box as the binary data is already there and no reasonable way to turn it to printable.

-- 
tarko


More information about the radiator mailing list