Hello Charles -
Here is what I get:
./radiusd -config_file goodies/simple.cfg -trace 4
Fri Aug 4 11:20:35 2000: DEBUG: Reading users file ./users
Fri Aug 4 11:20:35 2000: INFO: Server started: Radiator 2.16.1 on hugo
Fri Aug 4 11:20:40 2000: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1131 ....
Code: Access-Request
Identifier: 69
Authentic: 1234567890123456
Attributes:
User-Name = "st!$%nky"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
Fri Aug 4 11:20:40 2000: DEBUG: Check if Handler User-Name = /[^a-zA-Z0-9-@.]/ should
be used to handle this request
Fri Aug 4 11:20:40 2000: DEBUG: Handling request with Handler 'User-Name =
/[^a-zA-Z0-9-@.]/'
with this configuration:
<Handler User-Name = /[^a-zA-Z0-9-@.]/>
<AuthBy FILE>
Filename ./users
</AuthBy>
</Handler>
I'm perplexed - I think I'll check with Mike a bit later.
regards
Hugh
On Fri, 04 Aug 2000, Charles Sprickman wrote:
> On Fri, 4 Aug 2000, Hugh Irvine wrote:
>
> > Hello Charles -
> >
> > Mea culpa!
> >
> > That's what I get for dashing off a reply without actually testing it.
>
> No problem, you just made me dig up the perl book and stare at it for a
> while, that's all :)
>
> > *sigh*
> >
> > What you want is a "negative character class", not a "negative lookahead
> > assertion" (it was me that was negatively looking ahead....).
> >
> > This one I have tested:
> >
> > <Handler User-Name = /[^A-Za-z0-9-@.]/>
>
> I've got that going (we came up with this: /[^A-Za-z0-9@_.\/\\-]+/ not
> sure about escaping '\'). Anyhow, I've got my first handler set exactly
> as you have above, and it's still skipping it, so I'm stumped...
>
> Here's a trace that shows it going on down to the default handler:
>
> Thu Aug 3 19:50:45 2000: DEBUG: Rewrote user name to st!$%nky
> Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Username =
> /[^A-Za-z0-9-@.]/ should be used to handle this request
> Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Realm=inch.com should be
> used to handle this request
> Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler should be used to
> handle this request
> Thu Aug 3 19:50:45 2000: DEBUG: Handling request with Handler ''
> Thu Aug 3 19:50:45 2000: DEBUG: SDB_internal Deleting session for
> st!$%nky, 203.63.154.1, 1234
> Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthSQL
> Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthFILE
> Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with
> st!$%nky
> Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthUNIX
> Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX looks for match with
> st!$%nky
> Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX ACCEPT:
> Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Aug 3 19:50:45 2000: DEBUG: Access accepted for st!$%nky
>
> Weird... I KNOW you know perl regex's, so I'm guessing this is something
> else?? The same regex works fine in a standalone test program that checks
> strings against that regex...
>
> Thanks,
>
> Charles
>
> > It will match on any character that is not one of "A-Z", "a-z", "0-9", "-",
> > "@", and ".". I also forgot the "." last time, which is a bit silly if you are
> > accepting "@" don't you think?
> >
> > (sheepish) regards
> >
> > Hugh
> >
> > On Fri, 04 Aug 2000, Charles Sprickman wrote:
> > > Hi,
> > >
> > > Per a previous question, I put the following handler as the first handler
> > > in my radius.cfg:
> > >
> > > # This handler catches garbage logins
> > > <Handler Username = /^(?!A-Za-z0-9-@)/>
> > > SessionDatabase = SDB_internal
> > > AuthBy Reject_User
> > > </Handler>
> > >
> > > I'm not too good at complex regular expressions, but this one came from
> > > Hugh, and it's supposed to match any username that does not have the
> > > characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the
> > > problem of passing authentication any further when we get a garbled
> > > username. The seperate session db is to keep the clutter out of our main
> > > session db.
> > >
> > > When I actually gave it a try, I found that it was matching everything:
> > >
> > > (from a trace level 4)
> > > Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign
> > > Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username =
> > > /^(?!A-Za-z0-9-@)/ should be used to handle this request
> > > Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username =
> > > /^(?!A-Za-z0-9-@)/'
> > > Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for
> > > rrdesign, 216.223.195.9, 1284
> > > Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE
> > > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> > > rrdesign
> > > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> > > DEFAULT
> > > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE
> > > REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject
> > > Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected
> > > explicitly by Auth-Type=Reject
> > >
> > > Any ideas?
> > >
> > > Thanks,
> > >
> > > Charles
> > >
> > > | Charles Sprickman | Internet Channel
> > > | INCH System Administration Team | (212)243-5200
> > > | [EMAIL PROTECTED] | [EMAIL PROTECTED]
> > >
> > >
> > > ===
> > > Archive at http://www.starport.net/~radiator/
> > > Announcements on [EMAIL PROTECTED]
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> >
> >
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
