FreeRADIUS / freeradius-server

FreeRADIUS - A multi-protocol policy server.
http://freeradius.org
GNU General Public License v2.0

[defect]: <NULL> being sent in value pair tuple to python module when using tacacs VS #5456

Open fatal-bundy opened 1 week ago

fatal-bundy commented 1 week ago

What type of defect/bug is this?

incorrect 3rd party API usage

How can the issue be reproduced?

With a basic config and version radiusd - FreeRADIUS version 4.0.31683 (git #d1b3c119), for host x86_64-pc-linux-gnu, add the python module and the example.py example. Configure for authorization handling; add print(p[0][0]) to the authorize function.

In the tacacs VS, add the python mod to the authorization recv block.

The first print will show the <NULL> in 2 sets of tuples. The second print will cause a segfault in python as it tries to reference the <NULL>. This segfault occurs with any attempt to reference the affected tuples.

Log output from the FreeRADIUS daemon

proto_tacacs_tcp - Received Authorization seq_no 1 length 80 tacacs_tcp from client 172.22.16.84 port 47446 to server * port 49
(3)  Received Authorization-Request ID 1 from 172.22.16.84:47446 to 172.22.16.54:49 length 80 via socket tacacs_tcp from client 172.22.16.84 port 47446 to server * port 49
(3)    Packet {
(3)      Version-Major = Plus
(3)      Version-Minor = 0
(3)      Packet-Type = Authorization
(3)      Sequence-Number = 1
(3)      Flags = None
(3)      Session-Id = 3643474199
(3)      Length = 68
(3)    }
(3)    Packet-Body-Type = Request
(3)    Authentication-Method = TACACSPLUS
(3)    Privilege-Level = Max
(3)    Authentication-Type = ASCII
(3)    Authentication-Service = LOGIN
(3)    User-Name = "corey.griffith"
(3)    Client-Port = "/dev/pts/5"
(3)    Remote-Address = "10.0.94.128"
(3)    service = "shell"
(3)    cmd = ""
(3)    Argument-List = "task*"
(3)  tacacs {
(3)    Running 'recv Authorization-Request' from file /etc/freeradius/sites-enabled/tacacs
(3)    recv Authorization-Request {
((<NULL>, <NULL>), ('Packet-Body-Type', 4), ('Authentication-Method', 6), ('Privilege-Level', 15), ('Authentication-Type', 1), ('Authentication-Service', 1), ('User-Name', 'corey.griffith'), ('Client-Port', '/dev/pts/5'), ('Remote-Address', '10.0.94.128'), ('service', 'shell'), ('cmd', ''), ('Argument-List', 'task*'), (<NULL>, <NULL>), ('Packet-Type', 11))
CAUGHT SIGNAL: Segmentation fault
No panic action set

Relevant log output from client utilities

No response

Backtrace from LLDB or GDB

No response

alandekok commented 6 days ago

Could you add some gdb output? That would help a lot.