packetfence icon indicating copy to clipboard operation
packetfence copied to clipboard

Published 20 hours ago verified publisher icon inverse-inc

authentication sources: catchall with match=any

Open nqb opened this issue 6 years ago • 1 comments

In a AD source, if you create a catchall authentication rule with a match directive sets as "any" and no conditions, this rule will never match. With match directive sets as "all" and no conditions, it works.

IMO, we should have same behavior between "any" and "all" in this specific case.

Config to reproduce (easy with pftest):

[ADUsers rule catchall-any]
match=any
action1=set_unreg_date=2020-01-01
action0=set_role=gaming
class=authentication
description=catchall

[ADUsers rule catchall-all]
action1=set_unreg_date=2020-01-01
match=all
description=catchall
class=authentication
action0=set_role=guest

With this configuration, users will always get guest role.

Tested on 8.2

nqb avatar Nov 08 '18 11:11 nqb

This issue is still presents on 11.2 and is difficult to pin-point. @jrouzierinverse, could you look into this ?

nqb avatar May 30 '22 12:05 nqb