>----- Oorspronkelijk bericht ----- >Van : Alexander Clouter [mailto:[email protected]] >Verzonden : donderdag , september 24, 2009 05:24 PM >Aan : [email protected] >Onderwerp : Re: Mimic lower_user in FR2 > >Thor Spruyt <[email protected]> wrote: >> >> Since lower_user doesn't exist anymore in FR2, I was thinking of doing >> the following in FR2 to mimic the behaviour, which seems to be working >> correctly: >> >> In "hints" file: >> >> DEFAULT User-Name !~ /^$/ >> User-Name := `%{exec:/opt/tolower %{User-Name}}`, >> Fall-Through = Yes >> >> DEFAULT Stripped-User-Name !~ /^$/ >> Stripped-User-Name := `%{exec:/opt/tolower %{Stripped-User-Name}}`, >> Fall-Through = Yes >> >> >> Content of "/opt/tolower": >> >> #!/bin/sh >> >> echo -n "$1" | tr '[A-Z]' '[a-z]' >> >> Is there any reason why I should not do this or why it's not recommended? >> The servers on which I want to do this is not heavily loaded (<1req/s). >> >Well although the load is not a problem, I mean you should feel *really* >dirty that every time a packet goes through your box, you system() out >twice. > >Hell I feel dirty enough when doing the following for the not-often >upstream proxying requests we do: >---- >update proxy-request { > NAS-IP-Address := `/bin/hostname -i` > NAS-Identifier := `/bin/hostname -f` >} >---- > >This however is just me being lazy until I patch FreeRADIUS to give me >some static runtime variable action :) > >You should do this with Perl if you really want or alternatively I'll >start sending your RADIUS server something like the following as you do >no validation at all (you get the idea, might work, probably won't, but >why risk it?): >---- >User-Name = '\"; rm -rf /; echo \"' >---- > >Cheers > >-- >Alexander Clouter >.sigmonster says: The best things in life go on sale sooner or later. >
I would indeed tighten the script, but I was wondering if changing the 2 attributes in this way could cause problems in later processing. Or maybe there's a better way which I don't know about to get the same result... Regards, Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
