[RADIATOR] unpackRadiusAttrs eating useful data

Hugh Irvine hugh at open.com.au
Tue Aug 17 00:58:54 CDT 2010


Hello Tarko -

You can try a PreClientHook in more recent versions of Radiator to access the request before it is unpacked.

regards

Hugh


On 17 Aug 2010, at 15:51, Tarko Tikan wrote:

> hey,
> 
>> The problem here is due to "00" being used in an ASCII string.
> 
> That is what I was thinking as well. But the strange thing is that if I change 00 0a into 00 0b everything works:
> Tue Aug 17 05:45:31 2010: WARNING: pre strip: 00 04 05 dc 00 0b
> Tue Aug 17 05:45:31 2010: WARNING: post strip: 00 04 05 dc 00 0b
> 
> And 01 0a ofc works as well:
> Tue Aug 17 05:46:20 2010: WARNING: pre strip: 00 04 05 dc 01 0a
> Tue Aug 17 05:46:20 2010: WARNING: post strip: 00 04 05 dc 01 0a
> 
> Also, the string itself is not ending with \0 and should not match \0+$
> 
>> RFC4679 (http://www.ietf.org/rfc/rfc4679.txt) indicates that this attribute should be a printable string - hence our definition as "string".
>> If you want to get at the binary data you should change the dictionary definition to "binary".
> 
> That's probably the right way, or patch our installation :)
> 
>> Although a better solution would be to get the attribute sent in the fashion indicated by the RFC.
> 
> Someone should tell this to Cisco :) Actually the setup is a bit more complicated: Cisco is only doing DHCP snooping and inserting agent/circuit-id with binary data, and another vendor's box is picking it up on the wire and doing RADIUS authentication. But not much can be done in the second box, as the binary data is already there and there is no reasonable way to turn it into printable form.
> 
> -- 
> tarko



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
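
Added example, not part of the original thread and not Radiator's own code: a Perl sketch of why the `00 0a` value in the quoted logs changes while `00 0b` and `01 0a` do not, assuming the strip is a substitution using the `\0+$` pattern mentioned in the quoted message. In Perl, `$` also matches just before a newline (0x0a) that ends the string, while `\z` matches only at the true end of the string; the sub names and the sample list are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed samples: the three attribute values shown in the thread's logs.
my @samples = (
    "\x00\x04\x05\xdc\x00\x0a",
    "\x00\x04\x05\xdc\x00\x0b",
    "\x00\x04\x05\xdc\x01\x0a",
);

# Render a byte string as space-separated hex, like the log lines in the thread.
sub hexdump {
    my ($bytes) = @_;
    return join ' ', unpack '(H2)*', $bytes;
}

# ASSUMPTION: trailing-NUL strip written with the pattern quoted in the thread.
# '$' matches at end of string OR before a final "\n" (0x0a), so a NUL that is
# followed only by 0x0a counts as "trailing" and is deleted.
sub strip_dollar {
    my ($value) = @_;
    $value =~ s/\0+$//;
    return $value;
}

# Same strip anchored with \z, which matches only at the very end of the
# string. A value ending in 00 0a is left untouched.
sub strip_z {
    my ($value) = @_;
    $value =~ s/\0+\z//;
    return $value;
}

for my $raw (@samples) {
    my $loose  = strip_dollar($raw);
    my $strict = strip_z($raw);
    printf "%-10s %s\n", 'raw:',     hexdump($raw);
    printf "%-10s %s%s\n", '\0+$:',  hexdump($loose),
        length($loose) != length($raw) ? '   <-- byte removed' : '';
    printf "%-10s %s%s\n\n", '\0+\z:', hexdump($strict),
        length($strict) != length($raw) ? '   <-- byte removed' : '';
}
```

Neither anchor makes a "string" attribute safe for arbitrary binary content (a value that really ends in 00 is still shortened), which is why the thread's suggestion of a "binary" dictionary type is the cleaner fix when the identifier feeds authentication or accounting decisions.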




