Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[defect]: <NULL> being sent in value pair tuple to python module when using tacacs VS #5456

Open
fatal-bundy opened this issue Oct 31, 2024 · 1 comment
Open

[defect]: <NULL> being sent in value pair tuple to python module when using tacacs VS #5456

fatal-bundy opened this issue Oct 31, 2024 · 1 comment
Labels
defect category: a defect or misbehaviour

Comments

@fatal-bundy
Copy link

fatal-bundy commented Oct 31, 2024
edited
Loading

What type of defect/bug is this?

incorrect 3rd party API usage

How can the issue be reproduced?

With a basic config and version radiusd - FreeRADIUS version 4.0.31683 (git #d1b3c119), for host x86_64-pc-linux-gnu
add python module and example.py example. configure for authorization handling
add print(p[0][0]) to authorize function

in tacacs VS add python mod to authorization recv block

first print will show the <NULL> in 2 sets of tuples.
second print will cause a segfault in python as it tries to reference the <NULL>
this seg fault occurs with any attempt to reference the affected tuples.

Log output from the FreeRADIUS daemon

proto_tacacs_tcp - Received Authorization seq_no 1 length 80 tacacs_tcp from client 172.22.16.84 port 47446 to server * port 49
(3)  Received Authorization-Request ID 1 from 172.22.16.84:47446 to 172.22.16.54:49 length 80 via socket tacacs_tcp from client 172.22.16.84 port 47446 to server * port 49
(3)    Packet {
(3)      Version-Major = Plus
(3)      Version-Minor = 0
(3)      Packet-Type = Authorization
(3)      Sequence-Number = 1
(3)      Flags = None
(3)      Session-Id = 3643474199
(3)      Length = 68
(3)    }
(3)    Packet-Body-Type = Request
(3)    Authentication-Method = TACACSPLUS
(3)    Privilege-Level = Max
(3)    Authentication-Type = ASCII
(3)    Authentication-Service = LOGIN
(3)    User-Name = "corey.griffith"
(3)    Client-Port = "/dev/pts/5"
(3)    Remote-Address = "10.0.94.128"
(3)    service = "shell"
(3)    cmd = ""
(3)    Argument-List = "task*"
(3)  tacacs {
(3)    Running 'recv Authorization-Request' from file /etc/freeradius/sites-enabled/tacacs
(3)    recv Authorization-Request {
((<NULL>, <NULL>), ('Packet-Body-Type', 4), ('Authentication-Method', 6), ('Privilege-Level', 15), ('Authentication-Type', 1), ('Authentication-Service', 1), ('User-Name', 'corey.griffith'), ('Client-Port', '/dev/pts/5'), ('Remote-Address', '10.0.94.128'), ('service', 'shell'), ('cmd', ''), ('Argument-List', 'task*'), (<NULL>, <NULL>), ('Packet-Type', 11))
CAUGHT SIGNAL: Segmentation fault
No panic action set

Relevant log output from client utilities

No response

Backtrace from LLDB or GDB

No response
@fatal-bundy fatal-bundy added the defect category: a defect or misbehaviour label Oct 31, 2024
@alandekok
Copy link
Member

Could you add some gdb output? That would help a lot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect category: a defect or misbehaviour
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alandekok @fatal-bundy