Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[defect]: rlm_files: Unexpected text after attribute reference - probably incorrect #5462

Open
ErmakovDmitriy opened this issue Nov 16, 2024 · 0 comments
Open

[defect]: rlm_files: Unexpected text after attribute reference - probably incorrect #5462

ErmakovDmitriy opened this issue Nov 16, 2024 · 0 comments
Labels
defect category: a defect or misbehaviour

Comments

@ErmakovDmitriy
Copy link

What type of defect/bug is this?

Unexpected behaviour (obvious or verified by project member)

How can the issue be reproduced?

FreeRADIUS 4, commit 3e23290

This issue was somewhat hard to reproduce for me. It appears if rlm_files file is larger than 8192 bytes and the byte 8193 is exactly at the "space" between an attribute name and "operator" (maybe other situations are possible). Adding extra "comment bytes" before to shift where the byte 8192 is in the file is a workaround (parsing success).

For example, we have "files" file as below (the cut word "Configura" is not a mistake but a way to have correct offset from the start of the file):

# Configura
00:11:22:33:00:49
        Your-IP-Address := 10.8.0.72,
        Hostname := host73.example.com

# Configuration for 10.8.0.73
00:11:22:33:00:4A
        Your-IP-Address := 10.8.0.73,
        Hostname := host74.example.com

# Configuration for 10.8.0.74
00:11:22:33:00:4B
        Your-IP-Address := 10.8.0.74,
        Hostname := host75.example.com

and the "space" in Your-IP-Address := 10.8.0.73, between the key and the value is the byte 8192.
Then an error appears:

/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts[366]: Your-IP-Address := 10.8.0.73,
/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts[366]:                 ^ Unexpected text after attribute reference
/usr/local/etc/raddb/mods-enabled/files_dhcp[27]: Failed to parse configuration item 'key = %{Client-Hardware-Address}'
/usr/local/etc/raddb/sites-enabled/dhcp[155]: Invalid keyword "files_dhcp_host".

Minimal configuration to reproduce:

/usr/local/etc/raddb/mods-enabled/files_dhcp:

files files_dhcp_host {
	moddir = ${modconfdir}/files_dhcp
        key = "%{Client-Hardware-Address}"
	filename = ${moddir}/generated_file_hosts
}

/usr/local/etc/raddb/sites-enabled/dhcp uses the files_dhcp:

# Other sections are omitted
recv Discover {
        files_dhcp_host
}

and the /usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts has data which triggers the issue (an example file is attached).
generated_file_hosts

I think that the expected behavior is that FreeRADIUS should not fail to parse the file.

Text below this line are from my attempt to debug the issue and the conclusion might be wrong but please take a look:

[root@w-v-dmierm-freeradius-test-0 ~]# gdb /usr/local/sbin/radiusd
GNU gdb (GDB) Rocky Linux 10.2-13.el9
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/sbin/radiusd...
(gdb) set args -Xxfl stdout
(gdb) watch lineno
No symbol "lineno" in current context.
(gdb) break pairlist_read_internal
Function "pairlist_read_internal" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (pairlist_read_internal) pending.
(gdb) run
Starting program: /usr/local/sbin/radiusd -Xxfl stdout
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after fork from child process 361373]
[Detaching after fork from child process 361374]

# Skipped startup log of FreeRADIUS

2024-11-16T14:20:17.768461+01:00: Compiling policies in - recv Discover {...}

Thread 1 "radiusd" hit Breakpoint 1, pairlist_read_internal (ctx=0x61a000007420, dict=0x6110000100e0, file=0x625000083140 "/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts", list=0x7fffffffc830, complain=true, order=0x7fffffffc680)
    at src/lib/server/users_file.c:248
248		int			lineno		= 1;
(gdb) watch lineno
Hardware watchpoint 2: lineno
(gdb) continue
Continuing.
2024-11-16T14:20:32.722198+01:00: Reading file /usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts

Thread 1 "radiusd" hit Hardware watchpoint 2: lineno

Old value = 32767
New value = 2
pairlist_read_internal (ctx=0x61a000007420, dict=0x6110000100e0, file=0x625000083140 "/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts", list=0x7fffffffc830, complain=true, order=0x7fffffffc680) at src/lib/server/users_file.c:304
304				continue;
(gdb) 
Continuing.

Thread 1 "radiusd" hit Hardware watchpoint 2: lineno

### I skipped the output until the "line 365" in the generated_file_hosts file was reached

Thread 1 "radiusd" hit Hardware watchpoint 2: lineno

Old value = 365
New value = 366
pairlist_read_internal (ctx=0x61a000007420, dict=0x6110000100e0, file=0x625000083140 "/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts", list=0x7fffffffc830, complain=true, order=0x7fffffffc680) at src/lib/server/users_file.c:452
452				goto setup_reply;
(gdb) n
479			lhs_rules.attr.list_def = request_attr_reply;
(gdb) 
481			comma = false;
(gdb) print sbuff
$1 = {{buff_i = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"..., 
    buff = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"...}, {
    start_i = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"..., 
    start = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"...}, {
    end_i = 0x7fffffffc510 "P\305\377\377\377\177", end = 0x7fffffffc510 "P\305\377\377\377\177"}, {p_i = 0x7fffffffc4ff "\tYour-IP-Address P\305\377\377\377\177", p = 0x7fffffffc4ff "\tYour-IP-Address P\305\377\377\377\177"}, err = 0x0, is_const = 0 '\000', 
  adv_parent = 0 '\000', shifted = 0, extend = 0x7ffff71d6d03 <fr_sbuff_extend_file>, uctx = 0x7fffffffa280, parent = 0x0, m = 0x0}
(gdb) n
483			rhs_rules.attr.list_def = request_attr_request;
(gdb) 
485			relative_map = NULL;
(gdb) 
494			if (fr_sbuff_adv_past_blank(&sbuff, SIZE_MAX, NULL) == 0) {
(gdb) 
512			} else if (lineno == (t->lineno + 1)) {
(gdb) 
513				fr_assert(comma == false);
(gdb) 
524			if (fr_sbuff_is_char(&sbuff, '#')) {
(gdb) 
527			if (fr_sbuff_next_if_char(&sbuff, '\n')) {
(gdb) 


### To me it looks like here we call map_afrom_substr
### with the sbuff which contains the first 8192 bytes (size of the buffer)
### and sbuff.p_i has only Attribute-Name + "space" but not the value.
### It looks like the map_afrom_substr fails as the buff is exhausted
### and new data is not read to it when the parsing is performed.


532	next_reply_item:
(gdb) 
539			slen = map_afrom_substr(t, &new_map, &relative_map, &sbuff, map_assignment_op_table, map_assignment_op_table_len,
(gdb) print sbuff
$2 = {{buff_i = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"..., 
    buff = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"...}, {
    start_i = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"..., 
    start = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"...}, {
    end_i = 0x7fffffffc510 "P\305\377\377\377\177", end = 0x7fffffffc510 "P\305\377\377\377\177"}, {p_i = 0x7fffffffc500 "Your-IP-Address P\305\377\377\377\177", p = 0x7fffffffc500 "Your-IP-Address P\305\377\377\377\177"}, err = 0x0, is_const = 0 '\000', 
  adv_parent = 0 '\000', shifted = 0, extend = 0x7ffff71d6d03 <fr_sbuff_extend_file>, uctx = 0x7fffffffa280, parent = 0x0, m = 0x0}
(gdb) s
map_afrom_substr (ctx=0x6110008f44e0, out=0x7fffffffa240, parent_p=0x7fffffffa260, in=0x7fffffffa2d0, op_table=0x7ffff6f14600 <map_assignment_op_table>, op_table_len=14, lhs_rules=0x7fffffffa350, rhs_rules=0x7fffffffa430, p_rules=0x7ffff6f167a0 <rhs_term>)
    at src/lib/server/map.c:435
435		fr_sbuff_t			our_in = FR_SBUFF(in);
(gdb) n
437		fr_sbuff_term_t const		*tt = p_rules ? p_rules->terminals : NULL;
(gdb) print our_in
$3 = {{buff_i = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"..., 
    buff = 0x7fffffffa510 "# Configuration for 10.8.0.0\n00:11:22:33:00:01\n\tYour-IP-Address := 10.8.0.0,\n\tHostname := host1.example.com\n\n# Configuration for 10.8.0.1\n00:11:22:33:00:02\n\tYour-IP-Address := 10.8.0.1,\n\tHostname := h"...}, {
    start_i = 0x7fffffffc500 "Your-IP-Address P\305\377\377\377\177", start = 0x7fffffffc500 "Your-IP-Address P\305\377\377\377\177"}, {end_i = 0x7fffffffc510 "P\305\377\377\377\177", end = 0x7fffffffc510 "P\305\377\377\377\177"}, {
    p_i = 0x7fffffffc500 "Your-IP-Address P\305\377\377\377\177", p = 0x7fffffffc500 "Your-IP-Address P\305\377\377\377\177"}, err = 0x0, is_const = 0 '\000', adv_parent = 0 '\000', shifted = 0, extend = 0x7ffff71d6d03 <fr_sbuff_extend_file>, uctx = 0x7fffffffa280, 
  parent = 0x7fffffffa2d0, m = 0x0}
(gdb) n
440		if (parent_p) {
(gdb) 
441			parent = *parent_p;
(gdb) 
446		*out = NULL;
(gdb) 
447		MEM(map = map_alloc(ctx, NULL));
(gdb) 
449		(void)fr_sbuff_adv_past_whitespace(&our_in, SIZE_MAX, tt);
(gdb) 
451		fr_sbuff_marker(&m_lhs, &our_in);
(gdb) 
452		fr_sbuff_out_by_longest_prefix(&slen, &token, cond_quote_table, &our_in, T_BARE_WORD);
(gdb) 
453		switch (token) {
(gdb) 
460			tmpl_rules_t our_lhs_rules;
(gdb) 
462			if (lhs_rules) {
(gdb) 
463				our_lhs_rules = *lhs_rules;
(gdb) 
473			if (our_lhs_rules.attr.prefix != TMPL_ATTR_REF_PREFIX_YES) {
(gdb) 
477				if (!fr_sbuff_next_if_char(&our_in, '.')) {
(gdb) 
478					parent = NULL;
(gdb) 
479					goto lhs_root;
(gdb) 
514		lhs_root:
(gdb) 
515			slen = tmpl_afrom_attr_substr(map, NULL, &map->lhs, &our_in,
(gdb) 
517			break;
(gdb) 
521		if (!map->lhs) {
(gdb) 
522		error:
(gdb) 
523			slen = 0;
(gdb) 
525		error_adj:
(gdb) 
526			talloc_free(map);
(gdb) print our_in
$4 = {{buff_i = 0x7fffffffa510 "Your-IP-Address := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8."..., 
    buff = 0x7fffffffa510 "Your-IP-Address := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8."...}, {
    start_i = 0x7fffffffa510 "Your-IP-Address := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8."..., 
    start = 0x7fffffffa510 "Your-IP-Address := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8."...}, {
    end_i = 0x7fffffffc510 "P\305\377\377\377\177", end = 0x7fffffffc510 "P\305\377\377\377\177"}, {
    p_i = 0x7fffffffa510 "Your-IP-Address := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8."..., 
    p = 0x7fffffffa510 "Your-IP-Address := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8."...}, 
  err = 0x7fffffffa51f " := 10.8.0.73,\n\tHostname := host74.example.com\n\n# Configuration for 10.8.0.74\n00:11:22:33:00:4B\n\tYour-IP-Address := 10.8.0.74,\n\tHostname := host75.example.com\n\n# Configuration for 10.8.0.75\n00:11:22:3"..., is_const = 0 '\000', 
  adv_parent = 0 '\000', shifted = 0, extend = 0x7ffff71d6d03 <fr_sbuff_extend_file>, uctx = 0x7fffffffa280, parent = 0x7fffffffa2d0, m = 0x7fffffff9f20}
(gdb) n
527			FR_SBUFF_ERROR_RETURN(&our_in);
(gdb) 
748	}
(gdb) 
431	{
(gdb) 
748	}
(gdb) 
pairlist_read_internal (ctx=0x61a000007420, dict=0x6110000100e0, file=0x625000083140 "/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts", list=0x7fffffffc830, complain=true, order=0x7fffffffc680) at src/lib/server/users_file.c:541
541			if (!new_map) {
(gdb) 
542				ERROR_MARKER_ADJ(&sbuff, slen, fr_strerror());
(gdb) 
2024-11-16T14:22:58.037613+01:00: /usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts[366]: Your-IP-Address := 10.8.0.73,
2024-11-16T14:22:58.037690+01:00: /usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts[366]:                 ^ Unexpected text after attribute reference
543				goto fail;
(gdb) quit
A debugging session is active.

	Inferior 1 [process 361369] will be killed.

Quit anyway? (y or n) y

Log output from the FreeRADIUS daemon

radiusd -X
Info  : Copyright 1999-2024 The FreeRADIUS server project and contributors
Info  : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info  : PARTICULAR PURPOSE
Info  : You may redistribute copies of FreeRADIUS under the terms of the
Info  : GNU General Public License
Info  : For more information about these matters, see the file named COPYRIGHT
Info  : Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
Including files in directory "/usr/local/etc/raddb/template.d/"
including configuration file /usr/local/etc/raddb/template.d/default
including configuration file /usr/local/etc/raddb/clients.conf
Including files in directory "/usr/local/etc/raddb/global.d/"
including configuration file /usr/local/etc/raddb/global.d/ldap
including configuration file /usr/local/etc/raddb/global.d/python
Including files in directory "/usr/local/etc/raddb/mods-enabled/"
including configuration file /usr/local/etc/raddb/mods-enabled/always
including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
including configuration file /usr/local/etc/raddb/mods-enabled/client
including configuration file /usr/local/etc/raddb/mods-enabled/detail
including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
including configuration file /usr/local/etc/raddb/mods-enabled/echo
including configuration file /usr/local/etc/raddb/mods-enabled/escape
including configuration file /usr/local/etc/raddb/mods-enabled/exec
including configuration file /usr/local/etc/raddb/mods-enabled/files
including configuration file /usr/local/etc/raddb/mods-enabled/files_dhcp
including configuration file /usr/local/etc/raddb/mods-enabled/linelog
including configuration file /usr/local/etc/raddb/mods-enabled/unix
including configuration file /usr/local/etc/raddb/mods-enabled/unpack
Including files in directory "/usr/local/etc/raddb/policy.d/"
including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
including configuration file /usr/local/etc/raddb/policy.d/accounting
including configuration file /usr/local/etc/raddb/policy.d/canonicalisation
including configuration file /usr/local/etc/raddb/policy.d/control
including configuration file /usr/local/etc/raddb/policy.d/cui
including configuration file /usr/local/etc/raddb/policy.d/debug
including configuration file /usr/local/etc/raddb/policy.d/dhcp
including configuration file /usr/local/etc/raddb/policy.d/dhcp_policy_networks
including configuration file /usr/local/etc/raddb/policy.d/eap
including configuration file /usr/local/etc/raddb/policy.d/filter
including configuration file /usr/local/etc/raddb/policy.d/operator-name
including configuration file /usr/local/etc/raddb/policy.d/time
including configuration file /usr/local/etc/raddb/policy.d/vendor
Including files in directory "/usr/local/etc/raddb/sites-enabled/"
including configuration file /usr/local/etc/raddb/sites-enabled/dhcp
Loaded module process_dhcpv4
Parsing initial logging configuration.
main {
  prefix = /usr/local
  log {
    destination = file
    syslog_facility = daemon
    local_state_dir = "/usr/local/var"
    logdir = "/usr/local/var/log"
    file = /usr/local/var/log/radius/radius.log
    suppress_secrets = no
  }
}
Parsing security rules to bootstrap UID / GID / chroot / etc.
main {
  log {
  }
  security {
    allow_core_dumps = no
    allow_vulnerable_openssl = no
    openssl_fips_mode = no
  }
  name = radiusd
  local_state_dir = "/usr/local/var"
  run_dir = /usr/local/var/run/radiusd
}
Parsing main configuration
main {
  server dhcp {
    namespace = dhcpv4
Loaded module proto_dhcpv4
    listen {
      type = Discover
      type = Request
      type = Inform
      type = Release
      type = Decline
      transport = udp
Loaded module proto_dhcpv4_udp
      udp {
        ipaddr = 0.0.0.0
        interface = ens224
        port = 67
        client_port = 68
        broadcast = no
        networks {
        }
        max_packet_size = 4096
        max_attributes = 255
      }
      limit {
        cleanup_delay = 5.0
        idle_timeout = 30.0
        nak_lifetime = 30.0
        max_connections = 1024
        max_clients = 256
        max_pending_packets = 256
        priority {
          Discover = normal
          Request = normal
          Decline = normal
          Release = normal
          Inform = normal
          Lease-Query = low
          Bulk-Lease-Query = low
        }
      }
    }
  }
  log {
    colourise = yes
  }
  security {
  }
  sbin_dir = "/usr/local/sbin"
  logdir = /usr/local/var/log/radius
  radacctdir = /usr/local/var/log/radius/radacct
  reverse_lookups = no
  hostname_lookups = yes
  max_request_time = 30
  pidfile = /usr/local/var/run/radiusd/radiusd.pid
  debug_level = 0
  max_requests = 16384
  resources {
  }
  thread pool {
    num_networks = 1
Dynamically determined thread.workers = 2
    num_workers = 2
    openssl_async_pool_init = 64
    openssl_async_pool_max = 1024
  }
  migrate {
    rewrite_update = false
    forbid_update = false
  }
  interpret {
  }
}
Switching to configured log settings
  log debug {
    destination = null
    timestamp = yes
    colourise = no
  }
radiusd: #### Loading Clients ####
  client localhost {
    ipaddr = 127.0.0.1
    secret = <<< secret >>>
    require_message_authenticator = auto
    limit_proxy_state = auto
    proto = *
    limit {
      max_connections = 16
      lifetime = 0
      idle_timeout = 30
    }
  }
  client localhost_ipv6 {
    ipv6addr = ::1
    secret = <<< secret >>>
    require_message_authenticator = no
    limit_proxy_state = auto
    limit {
      max_connections = 16
      lifetime = 0
      idle_timeout = 30s
    }
  }
Debugger not attached
Configuration version: 6ACECC01-D7C4-4149-91A5-6960A8FB2394
systemd watchdog is disabled
pre-suid-down capabilities: =ep
trigger { ... } subsection not found, triggers will be disabled
#### Instantiating libraries ####
#### Bootstrapping process modules ####
#### Bootstrapping protocol modules ####
#### Instantiating libraries ####
#### Bootstrapping static modules ####
 modules {
    static {
Loaded module rlm_always
    always reject {
      rcode = reject
    }
    always fail {
      rcode = fail
    }
    always ok {
      rcode = ok
    }
    always handled {
      rcode = handled
    }
    always invalid {
      rcode = invalid
    }
    always disallow {
      rcode = disallow
    }
    always notfound {
      rcode = notfound
    }
    always noop {
      rcode = noop
    }
    always updated {
      rcode = updated
    }
Loaded module rlm_attr_filter
    attr_filter attr_filter.pre-proxy {
      filename = /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
      key = "%{Realm}"
      relaxed = no
    }
    attr_filter attr_filter.post-proxy {
      filename = /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
      key = "%{Realm}"
      relaxed = no
    }
    attr_filter attr_filter.access_reject {
      filename = /usr/local/etc/raddb/mods-config/attr_filter/access_reject
      key = "%{User-Name}"
      relaxed = no
    }
    attr_filter attr_filter.access_challenge {
      filename = /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
      key = "%{User-Name}"
      relaxed = no
    }
    attr_filter attr_filter.accounting_response {
      filename = /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
      key = "%{User-Name}"
      relaxed = no
    }
Loaded module rlm_client
Loaded module rlm_detail
    detail {
      permissions = 0600
      locking = no
      escape_filenames = no
      log_packet_header = no
    }
    detail auth_log {
      permissions = 0600
      locking = no
      escape_filenames = no
      log_packet_header = no
    }
    detail reply_log {
      permissions = 0600
      locking = no
      escape_filenames = no
      log_packet_header = no
    }
    detail pre_proxy_log {
      permissions = 0600
      locking = no
      escape_filenames = no
      log_packet_header = no
    }
    detail post_proxy_log {
      permissions = 0600
      locking = no
      escape_filenames = no
      log_packet_header = no
    }
Loaded module rlm_exec
    exec echo {
      wait = yes
      input_pairs = &request
      output_pairs = &reply
      shell_escape = yes
      env_inherit = no
    }
Loaded module rlm_escape
    escape {
      safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
    }
    exec {
      wait = yes
      input_pairs = &request
      shell_escape = yes
      env_inherit = no
      timeout = 10
    }
Loaded module rlm_files
    files {
      filename = /usr/local/etc/raddb/mods-config/files/authorize
    }
    files files_accounting {
      filename = /usr/local/etc/raddb/mods-config/files/accounting
    }
    files files_dhcp_host {
      filename = /usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts
    }
Loaded module rlm_linelog
    linelog {
      destination = file
      delimiter = "\n"
      file {
        permissions = 0600
        escape_filenames = no
        fsync = no
      }
      syslog {
        severity = "info"
      }
      unix {
      }
      tcp {
        server = localhost
        port = 514
        timeout = 2.0
      }
      udp {
        server = localhost
        port = 514
        timeout = 2.0
      }
    }
    linelog log_accounting {
      destination = file
      delimiter = "\n"
      file {
        permissions = 0600
        escape_filenames = no
        fsync = no
      }
      syslog {
        severity = "info"
      }
      unix {
      }
      tcp {
        timeout = 1000
      }
      udp {
        timeout = 1000
      }
    }
    linelog log_auth_access_accept {
      destination = file
      delimiter = "\n"
      file {
        permissions = 0600
        escape_filenames = no
        fsync = no
      }
      syslog {
        facility = daemon
        severity = notice
      }
      unix {
      }
      tcp {
        timeout = 1000
      }
      udp {
        timeout = 1000
      }
    }
    linelog log_auth_access_reject {
      destination = file
      delimiter = "\n"
      file {
        permissions = 0600
        escape_filenames = no
        fsync = no
      }
      syslog {
        facility = daemon
        severity = notice
      }
      unix {
      }
      tcp {
        timeout = 1000
      }
      udp {
        timeout = 1000
      }
    }
    linelog log_auth_authentication_pass {
      destination = file
      delimiter = "\n"
      file {
        permissions = 0600
        escape_filenames = no
        fsync = no
      }
      syslog {
        facility = daemon
        severity = notice
      }
      unix {
      }
      tcp {
        timeout = 1000
      }
      udp {
        timeout = 1000
      }
    }
    linelog log_auth_authentication_fail {
      destination = file
      delimiter = "\n"
      file {
        permissions = 0600
        escape_filenames = no
        fsync = no
      }
      syslog {
        facility = daemon
        severity = notice
      }
      unix {
      }
      tcp {
        timeout = 1000
      }
      udp {
        timeout = 1000
      }
    }
Loaded module rlm_unix
    unix {
    }
Loaded module rlm_unpack
    } # static
#### Bootstrapping rlm modules ####
Bootstrapping rlm_always "disallow"
Bootstrapping rlm_exec "echo"
Bootstrapping rlm_escape "escape"
Bootstrapping rlm_exec "exec"
Bootstrapping rlm_always "fail"
Bootstrapping rlm_always "handled"
Bootstrapping rlm_always "invalid"
Bootstrapping rlm_linelog "linelog"
Bootstrapping rlm_linelog "log_accounting"
Bootstrapping rlm_linelog "log_auth_access_accept"
Bootstrapping rlm_linelog "log_auth_access_reject"
Bootstrapping rlm_linelog "log_auth_authentication_fail"
Bootstrapping rlm_linelog "log_auth_authentication_pass"
Bootstrapping rlm_always "noop"
Bootstrapping rlm_always "notfound"
Bootstrapping rlm_always "ok"
Bootstrapping rlm_always "reject"
Bootstrapping rlm_unix "unix"
Bootstrapping rlm_always "updated"
Including dictionary file "/usr/local/etc/raddb/dictionary"
#### Instantiating listeners ####
Compiling policies in server dhcp { ... }
Compiling policies in - recv Discover {...}
Reading file /usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts
/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts[366]: Your-IP-Address := 10.8.0.73,
/usr/local/etc/raddb/mods-config/files_dhcp/generated_file_hosts[366]:                 ^ Unexpected text after attribute reference
/usr/local/etc/raddb/mods-enabled/files_dhcp[27]: Failed to parse configuration item 'key = %{Client-Hardware-Address}'
/usr/local/etc/raddb/sites-enabled/dhcp[155]: Invalid keyword "files_dhcp_host".

Relevant log output from client utilities

No response

Backtrace from LLDB or GDB

No response
@ErmakovDmitriy ErmakovDmitriy added the defect category: a defect or misbehaviour label Nov 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect category: a defect or misbehaviour
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ErmakovDmitriy