On Fri, 19 Jan 2001, Hugh Irvine wrote:
> At 9:18 -0800 01/1/17, Aaron Nabil wrote:
> >On Wed, 17 Jan 2001, Aaron Nabil wrote:
> >> Is this code in Handler.pm doing the most reasonable thing? The way it
> >> works now, if you have a rewrite username that lowercases, people can
> >> log in muliple times with username, Username, USERNAME, etc.
> >
> >Looks like you can't win either way.
> >
> >If you don't use OriginalUserName, session online checks will fail (the
> >ones that rely on names instead of session ID's) since they need to match
> >what the NAS supplied.
>
> This is why I always recommend that you reject usernames containing
> "illegal" characters immediately - just say "No"......
Yeah, I'm thinking of doing that, but it's not just illegal characters,
it's also upper/lowercase. What I ended up doing was storing the
rewritten user name, but fixing the one Nas.pm entry that used it. I am
considering your "solution", but tech support sure won't like it.
It looks like this (from isonlinetotalcontrolsnmp)...
my $result = &Radius::SNMP::snmpget
($nas_id, $client->{SNMPCommunity},
"$Radius::Nas::TCMIB.4.2.1.140.1.2.$oid");
# $name is from session database (cooked), $result is raw from nas
$result =~ s/^.*\"([^"]+)".*$/$1/; # extract from snmpget reply
$result =~ tr/A-Z/a-z/; # lowercase
$result =~ s/[^-_\@\.0-9a-z]//g; # noise filter
$result =~ s/^([^@]+).*/$1/; # strip realm
$name =~ s/^([^@]+).*/$1/; # strip realm
# &main::log($main::LOG_DEBUG, "result=$result $name=name");
return ($result eq $name);
}
PLEASE CC ME ON REPLIES.
--
Aaron Nabil
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
