On Fri, 4 Aug 2000, Hugh Irvine wrote:
> Hello Charles -
>
> Mea culpa!
>
> That's what I get for dashing off a reply without actually testing it.

No problem, you just made me dig up the Perl book and stare at it for a
while, that's all :)

> *sigh*
>
> What you want is a "negative character class", not a "negative lookahead
> assertion" (it was me that was negatively looking ahead....).
>
> This one I have tested:
>
> <Handler User-Name = /[^A-Za-z0-9-@.]/>

I've got that going (we came up with this: /[^A-Za-z0-9@_.\/\\-]+/ not
sure about escaping '\'). Anyhow, I've got my first handler set exactly
as you have above, and it's still skipping it, so I'm stumped...

Here's a trace that shows it going on down to the default handler:

Thu Aug 3 19:50:45 2000: DEBUG: Rewrote user name to st!$%nky
Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Username =
/[^A-Za-z0-9-@.]/ should be used to handle this request
Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Realm=inch.com should be
used to handle this request
Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler should be used to
handle this request
Thu Aug 3 19:50:45 2000: DEBUG: Handling request with Handler ''
Thu Aug 3 19:50:45 2000: DEBUG: SDB_internal Deleting session for
st!$%nky, 203.63.154.1, 1234
Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthSQL
Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthFILE
Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with
st!$%nky
Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthUNIX
Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX looks for match with
st!$%nky
Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX ACCEPT:
Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE ACCEPT:
Thu Aug 3 19:50:45 2000: DEBUG: Access accepted for st!$%nky

Weird... I KNOW you know Perl regexes, so I'm guessing this is something
else?? The same regex works fine in a standalone test program that checks
strings against that regex...

Thanks,
Charles

> It will match on any character that is not one of "A-Z", "a-z", "0-9", "-",
> "@", and ".". I also forgot the "." last time, which is a bit silly if you are
> accepting "@" don't you think?
>
> (sheepish) regards
>
> Hugh
>
> On Fri, 04 Aug 2000, Charles Sprickman wrote:
> > Hi,
> >
> > Per a previous question, I put the following handler as the first handler
> > in my radius.cfg:
> >
> > # This handler catches garbage logins
> > <Handler Username = /^(?!A-Za-z0-9-@)/>
> > SessionDatabase = SDB_internal
> > AuthBy Reject_User
> > </Handler>
> >
> > I'm not too good at complex regular expressions, but this one came from
> > Hugh, and it's supposed to match any username that does not have the
> > characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the
> > problem of passing authentication any further when we get a garbled
> > username. The separate session db is to keep the clutter out of our main
> > session db.
> >
> > When I actually gave it a try, I found that it was matching everything:
> >
> > (from a trace level 4)
> > Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign
> > Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username =
> > /^(?!A-Za-z0-9-@)/ should be used to handle this request
> > Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username =
> > /^(?!A-Za-z0-9-@)/'
> > Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for
> > rrdesign, 216.223.195.9, 1284
> > Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE
> > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> > rrdesign
> > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT
> > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE
> > REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject
> > Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected
> > explicitly by Auth-Type=Reject
> >
> > Any ideas?
> >
> > Thanks,
> >
> > Charles
> >
> > | Charles Sprickman | Internet Channel
> > | INCH System Administration Team | (212)243-5200
> > | [EMAIL PROTECTED] | [EMAIL PROTECTED]
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
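
The three patterns quoted in this thread, compared side by side as an added example that is not part of the original messages. It is written in Python, whose `re` module gives the negative lookahead and the negated character class the same meaning as Perl; the sample usernames are constructed and `flagged` and `explain` are hypothetical helper names. It exercises only the regular expressions and does not model how Radiator selects a Handler.

```python
import re

# Patterns copied from the thread.
LOOKAHEAD = re.compile(r"^(?!A-Za-z0-9-@)")       # first attempt
NEG_CLASS = re.compile(r"[^A-Za-z0-9-@.]")        # negated character class
EXTENDED = re.compile(r"[^A-Za-z0-9@_.\/\\-]+")   # variant that also allows _ / \

# Constructed sample usernames, including an empty one.
SAMPLES = [
    "rrdesign",
    "st!$%nky",
    "user@inch.com",
    "A-Za-z0-9-@home",   # begins with the literal text inside the lookahead
    "dom\\user",
    "first_last",
    "",
]


def flagged(pattern, names=SAMPLES):
    """Names the pattern matches anywhere, i.e. would be treated as garbage."""
    return [n for n in names if pattern.search(n)]


def explain(name, pattern=NEG_CLASS):
    """(offset, text) for every disallowed run found in name."""
    return [(m.start(), m.group()) for m in pattern.finditer(name)]


if __name__ == "__main__":
    # (?!...) is a zero-width test against the literal string "A-Za-z0-9-@",
    # not a character class, so it succeeds at the start of almost any input.
    print("lookahead flags :", flagged(LOOKAHEAD))
    # [^...] consumes one character outside the listed set, so it only
    # matches names that contain at least one such character.
    print("neg class flags :", flagged(NEG_CLASS))
    print("extended flags  :", flagged(EXTENDED))
    print("offending chars :", explain("st!$%nky"))
```

The lookahead flags every sample except the one that literally begins with `A-Za-z0-9-@`, the empty string included, while the negated classes flag only names containing a character outside their sets.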