From: kkalev Date: Mon, 20 Dec 2004 16:58:16 +0000 (+0000) Subject: * In bin/snmpfinger also accept @,. in the username X-Git-Tag: release_2_0_0_pre1~1787 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=ba1c077d4216f1d760ad357588c88af4f3cde764;p=freeradius.git * In bin/snmpfinger also accept @,. in the username * If we are stripping realms, then if needed strip them from the data returned by snmpfinger in user_finger.php3 --- diff --git a/dialup_admin/Changelog b/dialup_admin/Changelog index 0f4c61c..1a69c13 100644 --- a/dialup_admin/Changelog +++ b/dialup_admin/Changelog @@ -3,6 +3,9 @@ Ver 1.78: * Add a configuration directive general_sessionclear_bin * Add a session disconnect button in the 'clear open sessions' page * Also clear sessions from the sql extra servers in the 'clear open sessions' page +* In bin/snmpfinger also accept @,. in the username +* If we are stripping realms, then if needed strip them from the data returned by snmpfinger in + user_finger.php3 Ver 1.75: * A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to be accessed by normal users (not administrators). diff --git a/dialup_admin/bin/snmpfinger b/dialup_admin/bin/snmpfinger index 68a7cad..6500368 100755 --- a/dialup_admin/bin/snmpfinger +++ b/dialup_admin/bin/snmpfinger @@ -34,7 +34,7 @@ elsif ($type eq 'lucent'){ $walk =`$snmpwalkcmd .iso.org.dod.internet.private.enterprises.529.10.4.1.12`; } -while($walk=~/\"([\w\-]+?)\"/g){ +while($walk=~/\"([\@\.\w\-]+?)\"/g){ $user=lc($1); if($out) { $out=$out.",'$user'"; diff --git a/dialup_admin/htdocs/user_finger.php3 b/dialup_admin/htdocs/user_finger.php3 index 36242f5..8ea29d2 100644 --- a/dialup_admin/htdocs/user_finger.php3 +++ b/dialup_admin/htdocs/user_finger.php3 @@ -81,8 +81,16 @@ if ($link){ $nas_type = 'cisco'; $users=exec("$config[general_snmpfinger_bin] $name_data $community_data $nas_type"); - if (strlen($users)) + if (strlen($users)){ $extra = "AND username IN ($users)"; + if ($config[general_strip_realms] == 'yes'){ + if ($config[general_realm_format] == 'prefix') + $match = "'[^']+" . $config[general_realm_delimiter]; + else + $match = $config[general_realm_delimiter] . "[^']+'"; + $extra = preg_replace("/$match/","'",$extra); + } + } } $search = @da_sql_query($link,$config, "SELECT DISTINCT username,acctstarttime,framedipaddress,callingstationid