jimdigriz / freeradius-oauth2-perl

FreeRADIUS OAuth2 (OpenID Connect) using rlm_perl
GNU Affero General Public License v3.0

Time parsing is still bust #13

Open jimdigriz opened 3 years ago

jimdigriz commented 3 years ago

So it turns out my fix for locale massaging does not properly work:

(23) oauth2_perl:   $RAD_CONFIG{'OAuth2-Password-Last-Modified'} = &control:OAuth2-Password-Last-Modified -> 'Nov  5 2020 11:31:56 UTC'
rlm_perl: oauth2 authorize
(23) oauth2_perl: perl_embed:: module = /opt/freeradius-oauth2-perl/main.pm , func = authorize exit status= Error parsing time at /usr/lib/x86_64-linux-gnu/perl/5.26/Time/Piece.pm line 481.

This might be moot with a newer (currently unreleased) version of FreeRADIUS, so let's test that, and decide if I just need to poke the NR team to cut a new release or do I need to fix my horrific use of Time::Piece.

jimdigriz commented 3 years ago

Temporary (untested) workaround is to edit line 222 of main.pm and replace:

$r->{p} = to_radtime($d->{lastPasswordChangeDateTime}) if (exists($d->{lastPasswordChangeDateTime}));

With:

$r->{p} = 'Nov  8 2020 15:37:25 UTC';

Does not matter what the value is, just make it some date in the past, date format generated using the output of:

date -u +'%b %e %Y %H:%M:%S %Z' -d'yesterday'

jimdigriz commented 3 years ago

Can confirm, setting the locale to something not user hostile (e.g. fr_FR.UTF-8 or ru_RU.UTF-8) results in this not working.

The problem is actually the call to from_radtime, which checks lastPasswordChangeDateTime on subsequent authentications; this explains why it all works the first time and then refuses to work afterwards.

Also means https://github.com/FreeRADIUS/freeradius-server/issues/3602 is not applicable as to_radtime works fine.

jimdigriz commented 3 years ago

strftime (even with Time::Piece->use_locale()) is outputting English names... :-/

This goes into FR, which parses it, but when it passes it back to us, it is in the correct locale but Time::Piece cannot parse it as it says 'nov.' rather than 'Nov'.

Mocking up a standalone test, Time::Piece correctly outputs the locale you want; it might be something about being embedded perl in rlm_perl.

jimdigriz commented 3 years ago

Works fine outside the async worker thread, but inside the locale functionality stops working.

jimdigriz commented 3 years ago

I think this is fixed by https://github.com/jimdigriz/freeradius-oauth2-perl/commit/292bd52060e5629eba781d58d99a3476b52a5702, now just needs testing by someone else other than me.

jimdigriz commented 3 years ago

https://github.com/FreeRADIUS/freeradius-server/issues/3602 is applicable, as FR passes the attribute in its correct locale into the Perl script but cannot read it back unchanged :-/

Without the fix you will see something like the following in the logs:

(0) oauth2_perl: ERROR: Failed to create pair - failed to parse time string "ноя 16 2020 19:34:30 UTC"
(0) oauth2_perl: ERROR:     &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'ноя 16 2020 19:34:30 UTC'

Workaround is to run FreeRADIUS with export LC_ALL=C for now
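
The round trip discussed in this thread fails because month names follow the process locale. As an added illustration (not part of the thread, not the project's code and not the fix in the linked commit), the Perl below formats and parses the same 'Mon D YYYY HH:MM:SS UTC' layout with a fixed English month table and returns undef on unparseable input instead of dying; the sub names radtime_format and radtime_parse are hypothetical.

```perl
use strict;
use warnings;
use utf8;
use Time::Local qw(timegm);

binmode(STDOUT, ':encoding(UTF-8)');

# Fixed English abbreviations: the process locale is never consulted.
my @MON = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my %MON; @MON{@MON} = (0 .. 11);

# epoch seconds -> 'Nov  5 2020 11:31:56 UTC' (day space-padded, like date's %e)
sub radtime_format {
    my ($epoch) = @_;
    my ($s, $m, $h, $d, $mon, $y) = gmtime($epoch);
    return sprintf('%s %2d %04d %02d:%02d:%02d UTC', $MON[$mon], $d, $y + 1900, $h, $m, $s);
}

# 'Nov  5 2020 11:31:56 UTC' -> epoch seconds, or undef when the string is not in
# that form. Returning undef, rather than dying, leaves the failure policy to the caller.
sub radtime_parse {
    my ($str) = @_;
    return undef unless defined $str;
    my ($mon, $d, $y, $h, $m, $s) =
        $str =~ /\A([A-Z][a-z]{2}) +(\d{1,2}) (\d{4}) (\d{2}):(\d{2}):(\d{2}) UTC\z/
        or return undef;
    return undef unless exists $MON{$mon};
    # timegm croaks on impossible dates (e.g. Feb 31); eval turns that into undef.
    return eval { timegm($s, $m, $h, $d, $MON{$mon}, $y) };
}

# Samples: the first and third strings are copied from the logs in this thread;
# the 'nov.' and 'Feb 31' strings are constructed for the example.
for my $in ('Nov  5 2020 11:31:56 UTC', 'nov.  5 2020 11:31:56 UTC',
            'ноя 16 2020 19:34:30 UTC', 'Feb 31 2020 00:00:00 UTC') {
    my $t = radtime_parse($in);
    if (defined $t) {
        printf "%-26s -> %d -> %s\n", $in, $t, radtime_format($t);
    } else {
        # Assumed policy: treat the stored timestamp as unknown, do not abort the handler.
        printf "%-26s -> not parseable, handled without dying\n", $in;
    }
}
```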

jimdigriz commented 3 years ago

FR 3.0.22 is released which includes the locale fix...need to check this all is okay now.

KeppensJonas commented 3 years ago

Hello

I've installed FreeRADIUS through the Network Radius packaging on Debian "Buster" 10. I've installed version 3.0.22

And I get the following error when running FreeRADIUS in debug mode:

rlm_perl: oauth2 worker (): started (tid=3)
rlm_perl: oauth2 worker (): sync
rlm_perl: oauth2 worker (): sync users
rlm_perl: oauth2 worker (): users page
rlm_perl: oauth2 worker (***): fetching token
Thread 3 terminated abnormally: Error parsing time at /usr/lib/x86_64-linux-gnu/perl/5.28/Time/Piece.pm line 583.

Already tried the workaround fixes above

jimdigriz commented 3 years ago

> I've installed FreeRADIUS through the Network Radius packaging on Debian "Buster" 10. I've installed version 3.0.22
>
> And I get the following error when running FreeRADIUS in debug mode:
>
> rlm_perl: oauth2 worker (): started (tid=3)
> rlm_perl: oauth2 worker (): sync
> rlm_perl: oauth2 worker (): sync users
> rlm_perl: oauth2 worker (): users page
> rlm_perl: oauth2 worker (***): fetching token
> Thread 3 terminated abnormally: Error parsing time at /usr/lib/x86_64-linux-gnu/perl/5.28/Time/Piece.pm line 583.
>
> Already tried the workaround fixes above

Can you send me your locale settings so when I fix this it should be definitely fixed for your locale?

Hopefully something like the output of set in your terminal and also the following whilst FR is running is enough for me to work with:

cat /proc/$(pgrep freeradius)/environ | tr '\0' '\n'

Thanks

KeppensJonas commented 3 years ago

The output of set:


The output of cat /proc/$(pgrep freeradius)/environ | tr '\0' '\n'
