Hello Barry -


You can use the global UsernameCharset parameter in the configuration file to restrict usernames to a defined set of characters (and reject anything else). See section 6.4.30 in the Radiator 3.6 reference manual ("doc/ref.html").

I have also copied Mike on this mail, as he may have other comments.

BTW - you will sometimes see username and password strings like you show below from modems that have not trained properly and give you rubbish.

regards

Hugh


On Thursday, Jul 31, 2003, at 10:40 Australia/Melbourne, Barry Brown wrote:


Hi,

We just installed Radiator and are running into situations where it just rolls over and dies. Sometimes it happens after just a few hours, sometimes I have to wait a day or so. The latest incident happened a few hours ago and I captured it on the console and in log files. It looks like Syslog.pm is choking on the data it's being given. It could be because of the garbage username and password. I can't say for sure whether the previous incidents were caused by the same thing since I didn't have the log files set up to capture them.

Should Radiator be sanitizing the data before working with it?

Thanks,

Barry



Console output:

bobbidi root # radiusd -config_file /etc/radiusd.conf -foreground
Modification of a read-only value attempted at /usr/lib/perl5/5.8.0/i686-linux/Sys/Syslog.pm line 296.
Attempt to free unreferenced scalar during global destruction.



Configuration file (no secrets):


#Foreground
#LogStdout
LogDir          /var/log/radius
DbDir           /etc/raddb
PidFile         /var/run/radiusd/radiusd.pid
# Use a lower trace level in production systems:
Trace           4
AuthPort        1645,1812
AcctPort        1646,1813

<ClientListSQL>
        DBSource        dbi:mysql:radius:123.4.5.6
        DBUsername      XXXXXX
        DBAuth          XXXXXXXX
        GetClientQuery  select ipaddr,secret from nas
</ClientListSQL>

<Realm DEFAULT>
<AuthBy SQL>
DBSource dbi:mysql:radius:123.4.5.6
DBUsername XXXXXX
DBAuth XXXXXXX
AuthSelect select Value from radcheck where UserName = %0
AuthColumnDef 0, User-Password, check
AddToReply Service-Type=Framed-User,\
Framed-Protocol=PPP,\
Framed-Compression=Van-Jacobsen-TCP-IP
</AuthBy>


PasswordLogFileName /var/log/radius/password.log

<AuthLog SYSLOG>
Facility user
Priority info
LogSuccess 0
LogFailure 1
# The defaults for below are %1:%U:%P:OK and %1:%U:%P:FAIL
SuccessFormat %U:OK
FailureFormat %U:%P:FAIL
</AuthLog>
#<AuthLog SQL>
# DBSource dbi:mysql:radius:123.4.5.6
# DBUsername XXXXXXX
# DBAuth XXXXXXX
#</AuthLog>
</Realm>



Last few lines of the authlog (generated by syslog):


Jul 30 11:23:53 bobbidi /usr/bin/radiusd[11372]: had-e::FAIL: No such user
Jul 30 11:24:43 bobbidi /usr/bin/radiusd[11372]: ::FAIL: No such user
Jul 30 11:25:59 bobbidi /usr/bin/radiusd[11372]: ::FAIL: No such user
Jul 30 11:26:10 bobbidi /usr/bin/radiusd[11372]: smsshanghai::FAIL: Bad Password
Jul 30 11:26:51 bobbidi /usr/bin/radiusd[11372]: john23::FAIL: Bad Password
Jul 30 11:28:45 bobbidi /usr/bin/radiusd[11372]: john23::FAIL: Bad Password
Jul 30 11:29:26 bobbidi /usr/bin/radiusd[11372]: EBR=11-~d44KlN0mu#-k7}R%A-m1UfLp:G*t\?yBzb|.3\'>Ccp4&&#Rn\anJ{N/ \(s[+5yx+<x#5a\Q2!i|7U6{:E!'5&>:FAIL: No such user
Jul 30 11:29:26 bobbidi /usr/bin/radiusd[11372]: k-5TK:0I:FAIL: No such user


Finally, the last few entries from the logfile:

Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Received from 66.81.0.128 port 3598 ....
Code: Access-Request
Identifier: 192
Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
Attributes:
User-Name = "EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp"
NAS-IP-Address = 66.81.7.27
NAS-Port = 27213
NAS-Port-Type = Async
Service-Type = Login-User
Calling-Station-Id = "5306761012"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Called-Station-Id = "5305031325"
Acct-Session-Id = "401591860"
Ascend-Data-Rate = 26400
Ascend-Xmit-Rate = 26400
User-Password = "A<28><240><183><10>3Yi<192>K<162><2><3>U7m<181>s<186>6<214><14>2<188>L <221>h<185>~<7>{<236><4>$ <237><245><245><26><168>q<196><8><30>[EMAIL PROTECTED]<226>70I<226><251><8>)"N<227><5 >k<17>4=<21>"


Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp, 66.81.7.27, 27213
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp'':


Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'DEFAULT'':


Wed Jul 30 11:29:26 2003: INFO: Access rejected for EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp: No such user
Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Sending to 66.81.0.128 port 3598 ....
Code: Access-Reject
Identifier: 192
Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
Attributes:
Reply-Message = "Request Denied"


Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Received from 66.81.0.128 port 3598 ....
Code: Access-Request
Identifier: 193
Authentic: <175>l<22><253><21>NP<243><203><233>Elm<13><<143>
Attributes:
User-Name = "alewis"
NAS-IP-Address = 66.81.7.11
NAS-Port = 26724
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "5302724813"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Called-Station-Id = "5302051325"
Acct-Session-Id = "398300071"
Ascend-Endpoint-Disc = "<1><204><25>[<3>x<226>D<<162><13>O<133><195>><29>:"
Ascend-Data-Rate = 26400
Ascend-Xmit-Rate = 50667
User-Password = ";<182><168><225><243><146>L*'8<251>t<161><191><127><164>"


Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for lewis, 66.81.7.11, 26724
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'alewis'':


Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with alewis
Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL ACCEPT:
Wed Jul 30 11:29:26 2003: DEBUG: Access accepted for alewis
Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Sending to 66.81.0.128 port 3598 ....
Code: Access-Accept
Identifier: 193
Authentic: <175>l<22><253><21>NP<243><203><233>Elm<13><<143>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobsen-TCP-IP


Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Received from 66.81.0.128 port 3598 ....
Code:       Access-Request
Identifier: 195
Authentic:  ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
Attributes:
        User-Name = "k-5TK"
        NAS-IP-Address = 66.81.7.27
        NAS-Port = 27213
        NAS-Port-Type = Async
        Service-Type = Login-User
        Calling-Station-Id = "5306761012"
        Ascend-Calling-Id-Type-Of-Num = Unknown
        Ascend-Calling-Id-Number-Plan = Unknown
        Called-Station-Id = "5305031325"
        Acct-Session-Id = "401591860"
        Ascend-Data-Rate = 26400
        Ascend-Xmit-Rate = 26400
        User-Password = "6<127><132><235>5J<27><19><162>7<140>1_r<9>."

Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for k-5TK, 66.81.7.27, 27213
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'k-5TK'':


Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with k-5TK
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'DEFAULT'':


Wed Jul 30 11:29:26 2003: INFO: Access rejected for k-5TK: No such user
Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Sending to 66.81.0.128 port 3598 ....
Code:       Access-Reject
Identifier: 195
Authentic:  ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
Attributes:
        Reply-Message = "Request Denied"

Wed Jul 30 11:29:26 2003: DEBUG: Packet dump:
*** Received from 66.81.0.128 port 3598 ....
Code: Access-Request
Identifier: 196
Authentic: ;<203><191><152>~<163><247><177><14>*q<1>jw<184><208>
Attributes:
User-Name = "R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9"
NAS-IP-Address = 66.81.7.27
NAS-Port = 27213
NAS-Port-Type = Async
Service-Type = Login-User
Calling-Station-Id = "5306761012"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Called-Station-Id = "5305031325"
Acct-Session-Id = "401591860"
Ascend-Data-Rate = 26400
Ascend-Xmit-Rate = 26400
User-Password = "IV<236><168><13>4!x<139>z<175>EiT7z<22>f<24><131><163><155><141>^<247> <5>L~<244><252>7M|<219>]U<196>:<247><164><234><155><172><146>:<186><140 ><247><168>2B<134><174><166>w<205><31><146><184><239><142>#<144>7<216>v <231><220><160>>Q<127><22><196><184><247>y<240>#{&ok<169>e<145><232><20 1><155><205><29>$<177>me<179><143><218>o?v<20><6><211>e<175><27><200><1 29><220><21><207>%x<206>v<222>_<202><27><168>Q{`7<224>.)<23><143>d8<8>< 169><211>?V<254>c{<253><20>6<199><30>!<22>x<141><7><136><159><168><211> <190>)f<20>J"


Wed Jul 30 11:29:26 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 30 11:29:26 2003: DEBUG: Deleting session for R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9, 66.81.7.27, 27213
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL
Wed Jul 30 11:29:26 2003: DEBUG: Handling with Radius::AuthSQL:
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'R99%KDF{j\"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9'':


Wed Jul 30 11:29:26 2003: DEBUG: Radius::AuthSQL looks for match with R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9
Wed Jul 30 11:29:26 2003: DEBUG: Query is: 'select Value from radcheck where UserName = 'DEFAULT'':


Wed Jul 30 11:29:26 2003: INFO: Access rejected for R99%KDF{j"kk$B#(5#W>l2TFav%A?<OPfjxt?>~.fu&Q15gj}yfxB;y;9: No such user


A few lines from Syslog.pm around line 296:


    unless ($whoami) {
        ($whoami = getlogin) ||
            ($whoami = getpwuid($<)) ||
                ($whoami = 'syslog');
    }

    $whoami .= "[$$]" if $lo_pid;

    $mask =~ s/%m/$!/g;
    $mask .= "\n" unless $mask =~ /\n$/;
    $message = sprintf ($mask, @_);     #        <-- This is 296

    $sum = $numpri + $numfac;
    my $buf = "<$sum>$whoami: $message\0";

    # it's possible that we'll get an error from sending
    # (e.g. if method is UDP and there is no UDP listener,
    # then we'll get ECONNREFUSED on the send). So what we
    # want to do at this point is to fallback onto a different

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
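
Added example, not part of the original mail or of Radiator's code: the syslog line quoted above shows `KlN0mu` where the packet dump has `KlN%Xmu`, which is what happens when logged text reaches the `sprintf ($mask, @_)` call in the Syslog.pm excerpt as the format. This Perl sketch contrasts that with a fixed `%s` format and with `%`-escaping; the allow-list pattern is a hypothetical stand-in for a UsernameCharset-style check, not Radiator's own syntax.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# User-Name values taken from the packet dumps in the mail above.
my @usernames = (
    'alewis',
    'k-5TK',
    'EBR=11-~d44KlN%Xmu#-k7}R%A-m1UfLp',
);

# Hypothetical allow-list in the spirit of UsernameCharset: anything
# outside this character set is rejected before it is logged or looked up.
my $allowed = qr/\A[A-Za-z0-9._\@-]+\z/;

# Unsafe: the untrusted string becomes the sprintf format, which is what
# Sys::Syslog::syslog() does with its second argument.
sub format_unsafe {
    my ($text) = @_;
    no warnings;    # silence sprintf warnings for the demonstration only
    return sprintf($text);
}

# Safe: fixed format, untrusted text is only ever data.
sub format_safe {
    my ($text) = @_;
    return sprintf('%s', $text);
}

# Alternative when an API takes a single pre-built string that it will
# later treat as a format: double every '%' so it stays literal.
sub escape_percent {
    my ($text) = @_;
    (my $escaped = $text) =~ s/%/%%/g;
    return $escaped;
}

for my $user (@usernames) {
    my $line = "$user:FAIL";
    printf "%-8s %s\n", ($user =~ $allowed ? 'accept' : 'reject'), $user;
    printf "  unsafe : %s\n", format_unsafe($line);
    printf "  safe   : %s\n", format_safe($line);
    printf "  escaped: %s\n", format_unsafe(escape_percent($line));
}
```

How the unsafe line renders an unknown directive such as `%A` depends on the Perl version; the safe and escaped lines are identical to the input on every version.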
