radsecproxy September 2019

radsecproxy@lists.nordu.net

5 participants
5 discussions

Re: [radsecproxy] radsecproxy with fticks
by Fabian Mauchle 23 Sep '19

23 Sep '19

Hi Ramzi, On 23.09.19, 13:40, "radsecproxy on behalf of Ramzi Abdallah" <radsecproxy-bounces(a)lists.nordu.net on behalf of rsa(a)aub.edu.lb> wrote: Greetings, I'm trying to compile radsecproxy-1.8.0 with fticks. For some reason the configure script does not recognize the --enable-fticks option. When I run ./configure --enable-fticks I get the bellow error message: [root@eduroam radsecproxy-1.8.0]# ./configure --enable-fticks configure: WARNING: unrecognized options: --enable-fticks Any help is greatly appreciated. There is no need to specify fticks with configure. This feature is always available. (maybe you got an old guide somewhere... fticks was included in the default compile with radsecproxy 1.7.1) Best Regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch

1 0

radsecproxy with fticks
by Ramzi Abdallah 23 Sep '19

23 Sep '19

Greetings, I'm trying to compile radsecproxy-1.8.0 with fticks. For some reason the configure script does not recognize the --enable-fticks option. When I run ./configure --enable-fticks I get the bellow error message: [root@eduroam radsecproxy-1.8.0]# ./configure --enable-fticks configure: WARNING: unrecognized options: --enable-fticks Any help is greatly appreciated. Regards, Ramzi

2 2

Re: [radsecproxy] Rather severe bug in 1.8.0 : secret field content erroneously interpreted
by Guy Halse 12 Sep '19

12 Sep '19

Hi Whatever software you use, you need to deal with some sort of escaping of user-supplied secrets because you can't predict what characters may be used. In FreeRADIUS, quote characters and spaces would be problematic in secrets; in radsecproxy, percents and spaces are. We deal with the escaping in the script that generates our radsecproxy configuration. I've some python I could share when I get back to a real PC. - Guy Sent from my cell phone. Please excuse brevity and spelling. On 12 Sep 2019 16:47, Christian Claveleira <Christian.Claveleira(a)renater.fr> wrote: Fabian Mauchle wrote on 12/09/2019 15:54: > Hi Christian, > > On 12.09.19, 15:34, "radsecproxy on behalf of Christian Claveleira" <radsecproxy-bounces(a)lists.nordu.net on behalf of Christian.Claveleira(a)renater.fr> wrote: > it seems the content of the secret string is interpreted when it contains a "%" : > > when a client (or server) declaration contains > secret fht8CD%E7am > > it is interpreted as > getgenericconfig: block client xxxx.yyyyy: secret = fht8CDçam > > One can see "%E7" is translated as the "ç" character. > > This case is mentioned in the manpage radsecproxy.conf(5): > If you want to write a % and not use this decoding, you may of course write % in hex; i.e., %25. > > Regards, > Fabian > > -- > SWITCH > Fabian Mauchle, Network Engineer > Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland > Phone +41 44 268 15 30, direct +41 44 268 15 39 > fabian.mauchle(a)switch.ch, http://www.switch.ch > Hi Fabian, Sorry for not have seen that but we don't choose the secrets used : the clients/servers administrators choose their secret which are put in configuration files for FreeRadius (in production) and radsecproxy (for evaluation). It's not expected to have to translate the content of the secret string :-\. Regards, Christian

1 0

Rather severe bug in 1.8.0 : secret field content erroneously interpreted
by Christian Claveleira 12 Sep '19

12 Sep '19

Hi, it seems the content of the secret string is interpreted when it contains a "%" : when a client (or server) declaration contains secret fht8CD%E7am it is interpreted as getgenericconfig: block client xxxx.yyyyy: secret = fht8CDçam One can see "%E7" is translated as the "ç" character. Result : clients and/or servers who use a secret containing substring "%hh" are rejected ! I suspect the function unhex() in gconfig.c to be the culprit... Christian

2 2

No space in realm regexp ?
by Christian Claveleira 11 Sep '19

11 Sep '19

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

radsecproxy September 2019