Stefan Puch wrote:
@Arran Cudbard-Bell
> Write a regular expression to strip off the proceeding \
Heres one I did earlier.... If I remember correctly it's \\\\ to escape to
one \ in the username ... \\ To escape it in the RegExp string, \\ to make \
literal in the regular expression...
I'm not so familiar with regular expressions, but your example works" Thank you
very much! :-)
To make the test certificate being accepted I only hat to remove the leading
"@", beacuse the username in there is "[EMAIL PROTECTED]" and if stripped to
only
"user" not accepted by the radius server.
http://www.regular-expressions.info/
This is the best reference for regular expressions, depending on the
libraries the servers are built against, the RegExp flavour is usually
PCRE (Perl Compatible Regular Expressions).
# This one work with the test certificate, too
if("%{User-Name}" =~ /\\\\?([^\\\\]+)@?([-[:alnum:]._]*)?$/) {
update request {
Stripped-User-Name = "%{1}"
}
}
/ Is the prefix and suffix to the regular expression string. Any
characters after the / suffix are used as modifiers. FreeRadius only
supports the i modifier to make matches case insensitive.
\\\\ resolves to a literal back-slash. Regular expressions use the \
char as an escape char so it needs to be escaped with itself. FR also
uses \ as an escape char so it has to be escaped with itself too. Hence
the \\\\\ -> \\ -> \
This regular expression was written to stop *stupid* *stupid* *stupid*
students from breaking authentication by entering something in the
domain field. They kept entering sussex.ac.uk and [EMAIL PROTECTED] in
the User Box in the windows supplicant, which resulted in.
[EMAIL PROTECTED]
or sussex.ac.uk\user
The regexp parses these as :
"%{1}" = user
"%{2}" = domain
or
"%{1}" = user
"%{2}" =
if("%{User-Name}" =~ /\\\\?([^\\\\]+)$/) {
update request {
Stripped-User-Name = "%{1}"
}
}
If you don't need the domain information separately, the above
expression might work better for you. The \\\\? will always try to match
the first '\' but will actually match the last '\' because of the greedy
capture. Then the greedy capture which will capture anything but \ .
Should also work for just straight [EMAIL PROTECTED] as the '\' prefix is
optional.
We use the domain part of the user identifier for proxying.
Is there anywhere a more detailed HOWTO for understanding this regular
expression? I would like to understand "fully" what this example does...
Probably I just have to do some "googling"
Now where the test certificates are working (on Win XP AND Windows Mobile) I
will have to investigate again in my old certificates, because my one are only
working with Windows XP supplicant and wpa_supplicant using Linux. The Windows
Mobile supplicant cannot use them correctly although the certificates are the
same one. Very strange!
Finally I can start writing the HOWTO for Windows Mobile devices ;-)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
