Re: (RADIATOR) regex help
On Fri, 4 Aug 2000, Hugh Irvine wrote: Now I see... Not as mysterious as I thought... with this configuration: Handler User-Name = /[^a-zA-Z0-9-@.]/ Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Username = I was missing the "-"... Thanks for the quick response though... Charles /[^A-Za-z0-9-@.]/ should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Realm=inch.com should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Handling request with Handler '' Thu Aug 3 19:50:45 2000: DEBUG: SDB_internal Deleting session for st!$%nky, 203.63.154.1, 1234 Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthSQL Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthUNIX Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX looks for match with st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX ACCEPT: Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE ACCEPT: Thu Aug 3 19:50:45 2000: DEBUG: Access accepted for st!$%nky Weird... I KNOW you know perl regex's, so I'm guessing this is something else?? The same regex works fine in a standalone test program that checks strings against that regex... Thanks, Charles It will match on any character that is not one of "A-Z", "a-z", "0-9", "-", "@", and ".". I also forgot the "." last time, which is a bit silly if you are accepting "@" don't you think? (sheepish) regards Hugh On Fri, 04 Aug 2000, Charles Sprickman wrote: Hi, Per a previous question, I put the following handler as the first handler in my radius.cfg: # This handler catches garbage logins Handler Username = /^(?!A-Za-z0-9-@)/ SessionDatabase = SDB_internal AuthBy Reject_User /Handler I'm not too good at complex regular expressions, but this one came from Hugh, and it's supposed to match any username that does not have the characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the problem of passing authentication any further when we get a garbled username. The seperate session db is to keep the clutter out of our main session db. When I actually gave it a try, I found that it was matching everything: (from a trace level 4) Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username = /^(?!A-Za-z0-9-@)/ should be used to handle this request Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username = /^(?!A-Za-z0-9-@)/' Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for rrdesign, 216.223.195.9, 1284 Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected explicitly by Auth-Type=Reject Any ideas? Thanks, Charles | Charles Sprickman | Internet Channel | INCH System Administration Team| (212)243-5200 | [EMAIL PROTECTED] | [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
Re: (RADIATOR) regex help
Hello Charles - Mea culpa! That's what I get for dashing off a reply without actually testing it. *sigh* What you want is a "negative character class", not a "negative lookahead assertion" (it was me that was negatively looking ahead). This one I have tested: Handler User-Name = /[^A-Za-z0-9-@.]/ It will match on any character that is not one of "A-Z", "a-z", "0-9", "-", "@", and ".". I also forgot the "." last time, which is a bit silly if you are accepting "@" don't you think? (sheepish) regards Hugh On Fri, 04 Aug 2000, Charles Sprickman wrote: Hi, Per a previous question, I put the following handler as the first handler in my radius.cfg: # This handler catches garbage logins Handler Username = /^(?!A-Za-z0-9-@)/ SessionDatabase = SDB_internal AuthBy Reject_User /Handler I'm not too good at complex regular expressions, but this one came from Hugh, and it's supposed to match any username that does not have the characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the problem of passing authentication any further when we get a garbled username. The seperate session db is to keep the clutter out of our main session db. When I actually gave it a try, I found that it was matching everything: (from a trace level 4) Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username = /^(?!A-Za-z0-9-@)/ should be used to handle this request Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username = /^(?!A-Za-z0-9-@)/' Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for rrdesign, 216.223.195.9, 1284 Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected explicitly by Auth-Type=Reject Any ideas? Thanks, Charles | Charles Sprickman | Internet Channel | INCH System Administration Team| (212)243-5200 | [EMAIL PROTECTED] | [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) regex help
On Fri, 4 Aug 2000, Hugh Irvine wrote: Hello Charles - Mea culpa! That's what I get for dashing off a reply without actually testing it. No problem, you just made me dig up the perl book and stare at it for a while, that's all :) *sigh* What you want is a "negative character class", not a "negative lookahead assertion" (it was me that was negatively looking ahead). This one I have tested: Handler User-Name = /[^A-Za-z0-9-@.]/ I've got that going (we came up with this: /[^A-Za-z0-9@_.\/\\-]+/ not sure about escaping '\'). Anyhow, I've got my first handler set exactly as you have above, and it's still skipping it, so I'm stumped... Here's a trace that shows it going on down to the default handler: Thu Aug 3 19:50:45 2000: DEBUG: Rewrote user name to st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Username = /[^A-Za-z0-9-@.]/ should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Realm=inch.com should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Handling request with Handler '' Thu Aug 3 19:50:45 2000: DEBUG: SDB_internal Deleting session for st!$%nky, 203.63.154.1, 1234 Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthSQL Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthUNIX Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX looks for match with st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX ACCEPT: Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE ACCEPT: Thu Aug 3 19:50:45 2000: DEBUG: Access accepted for st!$%nky Weird... I KNOW you know perl regex's, so I'm guessing this is something else?? The same regex works fine in a standalone test program that checks strings against that regex... Thanks, Charles It will match on any character that is not one of "A-Z", "a-z", "0-9", "-", "@", and ".". I also forgot the "." last time, which is a bit silly if you are accepting "@" don't you think? (sheepish) regards Hugh On Fri, 04 Aug 2000, Charles Sprickman wrote: Hi, Per a previous question, I put the following handler as the first handler in my radius.cfg: # This handler catches garbage logins Handler Username = /^(?!A-Za-z0-9-@)/ SessionDatabase = SDB_internal AuthBy Reject_User /Handler I'm not too good at complex regular expressions, but this one came from Hugh, and it's supposed to match any username that does not have the characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the problem of passing authentication any further when we get a garbled username. The seperate session db is to keep the clutter out of our main session db. When I actually gave it a try, I found that it was matching everything: (from a trace level 4) Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username = /^(?!A-Za-z0-9-@)/ should be used to handle this request Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username = /^(?!A-Za-z0-9-@)/' Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for rrdesign, 216.223.195.9, 1284 Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected explicitly by Auth-Type=Reject Any ideas? Thanks, Charles | Charles Sprickman | Internet Channel | INCH System Administration Team| (212)243-5200 | [EMAIL PROTECTED] | [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) regex help
Hello Charles - Here is what I get: ./radiusd -config_file goodies/simple.cfg -trace 4 Fri Aug 4 11:20:35 2000: DEBUG: Reading users file ./users Fri Aug 4 11:20:35 2000: INFO: Server started: Radiator 2.16.1 on hugo Fri Aug 4 11:20:40 2000: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1131 Code: Access-Request Identifier: 69 Authentic: 1234567890123456 Attributes: User-Name = "st!$%nky" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "159249:201175\424618889160216}x153" Fri Aug 4 11:20:40 2000: DEBUG: Check if Handler User-Name = /[^a-zA-Z0-9-@.]/ should be used to handle this request Fri Aug 4 11:20:40 2000: DEBUG: Handling request with Handler 'User-Name = /[^a-zA-Z0-9-@.]/' with this configuration: Handler User-Name = /[^a-zA-Z0-9-@.]/ AuthBy FILE Filename ./users /AuthBy /Handler I'm perplexed - I think I'll check with Mike a bit later. regards Hugh On Fri, 04 Aug 2000, Charles Sprickman wrote: On Fri, 4 Aug 2000, Hugh Irvine wrote: Hello Charles - Mea culpa! That's what I get for dashing off a reply without actually testing it. No problem, you just made me dig up the perl book and stare at it for a while, that's all :) *sigh* What you want is a "negative character class", not a "negative lookahead assertion" (it was me that was negatively looking ahead). This one I have tested: Handler User-Name = /[^A-Za-z0-9-@.]/ I've got that going (we came up with this: /[^A-Za-z0-9@_.\/\\-]+/ not sure about escaping '\'). Anyhow, I've got my first handler set exactly as you have above, and it's still skipping it, so I'm stumped... Here's a trace that shows it going on down to the default handler: Thu Aug 3 19:50:45 2000: DEBUG: Rewrote user name to st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Username = /[^A-Za-z0-9-@.]/ should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Realm=inch.com should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler should be used to handle this request Thu Aug 3 19:50:45 2000: DEBUG: Handling request with Handler '' Thu Aug 3 19:50:45 2000: DEBUG: SDB_internal Deleting session for st!$%nky, 203.63.154.1, 1234 Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthSQL Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthUNIX Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX looks for match with st!$%nky Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX ACCEPT: Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE ACCEPT: Thu Aug 3 19:50:45 2000: DEBUG: Access accepted for st!$%nky Weird... I KNOW you know perl regex's, so I'm guessing this is something else?? The same regex works fine in a standalone test program that checks strings against that regex... Thanks, Charles It will match on any character that is not one of "A-Z", "a-z", "0-9", "-", "@", and ".". I also forgot the "." last time, which is a bit silly if you are accepting "@" don't you think? (sheepish) regards Hugh On Fri, 04 Aug 2000, Charles Sprickman wrote: Hi, Per a previous question, I put the following handler as the first handler in my radius.cfg: # This handler catches garbage logins Handler Username = /^(?!A-Za-z0-9-@)/ SessionDatabase = SDB_internal AuthBy Reject_User /Handler I'm not too good at complex regular expressions, but this one came from Hugh, and it's supposed to match any username that does not have the characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the problem of passing authentication any further when we get a garbled username. The seperate session db is to keep the clutter out of our main session db. When I actually gave it a try, I found that it was matching everything: (from a trace level 4) Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username = /^(?!A-Za-z0-9-@)/ should be used to handle this request Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username = /^(?!A-Za-z0-9-@)/' Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for rrdesign, 216.223.195.9, 1284 Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with rrdesign Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Aug 3