freeradius-oauth2-perl icon indicating copy to clipboard operation
freeradius-oauth2-perl copied to clipboard

Published 20 hours ago verified publisher icon jimdigriz

Time parsing is still bust

Open jimdigriz opened this issue 3 years ago • 10 comments

So it turns out my fix for locale massaging does not properly work:

(23) oauth2_perl:   $RAD_CONFIG{'OAuth2-Password-Last-Modified'} = &control:OAuth2-Password-Last-Modified -> 'Nov  5 2020 11:31:56 UTC' rlm_perl: oauth2 authorize
(23) oauth2_perl: perl_embed:: module = /opt/freeradius-oauth2-perl/main.pm , func = authorize exit status= Error parsing time at /usr/lib/x86_64-linux-gnu/perl/5.26/Time/Piece.pm line 481.

This might be moot with a newer (currently unreleased) version of FreeRADIUS so lets test that, and decide if I just need to to poke the NR team to cut a new release or do I need to fix my horrific use of Time::Piece.

jimdigriz avatar Nov 09 '20 15:11 jimdigriz

Temporary (untested) workaround is to edit line 222 of main.pm and replace:

$r->{p} = to_radtime($d->{lastPasswordChangeDateTime}) if (exists($d->{lastPasswordChangeDateTime}));

With:

$r->{p} = 'Nov  8 2020 15:37:25 UTC';

Does not matter what the value is, just make it some date in the past, date format generated using the output of:

date -u +'%b %e %Y %H:%M:%S %Z' -d'yesterday'

jimdigriz avatar Nov 09 '20 15:11 jimdigriz

Can confirm, setting the locale to something not user hostile (eg. fr_FR.UTF-8 or ru_RU.UTF-8) results in this not working.

The problem is actually the call to from_radtime which checks lastPasswordChangeDateTime on subsequent authentications, this explains why it all works the first time and then refuses to work afterwards.

Also means https://github.com/FreeRADIUS/freeradius-server/issues/3602 is not applicable as to_radtime works fine.

jimdigriz avatar Nov 16 '20 15:11 jimdigriz

strftime (even with Time::Piece->use_locale()) is outputting English names... :-/

This goes into FR, which parses it, but when it passes it back to us, it is in the correct locale but Time::Piece cannot parse it as it says 'nov.' rather than 'Nov'.

Mocking up a standalone test, Time::Piece correctly outputs the locale you want, it might be something about being embedded perl in rlm_perl.

jimdigriz avatar Nov 16 '20 17:11 jimdigriz

Works fine outside the async worker thread, but inside the locale functionality stops working.

jimdigriz avatar Nov 16 '20 18:11 jimdigriz

I think this is fixed by https://github.com/jimdigriz/freeradius-oauth2-perl/commit/292bd52060e5629eba781d58d99a3476b52a5702, now just needs testing by someone else other than me.

jimdigriz avatar Nov 16 '20 19:11 jimdigriz

https://github.com/FreeRADIUS/freeradius-server/issues/3602 is applicable, as FR passes the attribute in its correct locale into the Perl script but cannot read it back unchanged :-/

Without the fix you will see something like the following in the logs:

(0) oauth2_perl: ERROR: Failed to create pair - failed to parse time string "ноя 16 2020 19:34:30 UTC"
(0) oauth2_perl: ERROR:     &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'ноя 16 2020 19:34:30 UTC'

Workaround is to run FreeRADIUS with export LC_ALL=C for now

jimdigriz avatar Nov 16 '20 19:11 jimdigriz

FR 3.0.22 is released which includes the locale fix...need to check this all is okay now.

jimdigriz avatar Jun 01 '21 06:06 jimdigriz

Hello

I've installed FreeRADIUS through the Network Radius packaging on Debian "Buster" 10. I've installed version 3.0.22

And I get the following error when running FreeRADIUS in debug mode: rlm_perl: oauth2 worker (): started (tid=3) rlm_perl: oauth2 worker (): sync rlm_perl: oauth2 worker (): sync users rlm_perl: oauth2 worker (): users page rlm_perl: oauth2 worker (***): fetching token Thread 3 terminated abnormally: Error parsing time at /usr/lib/x86_64-linux-gnu/perl/5.28/Time/Piece.pm line 583.

Already tried the workaround fixes above

KeppensJonas avatar Jun 02 '21 17:06 KeppensJonas

I've installed FreeRADIUS through the Network Radius packaging on Debian "Buster" 10. I've installed version 3.0.22

And I get the following error when running FreeRADIUS in debug mode: rlm_perl: oauth2 worker (): started (tid=3) rlm_perl: oauth2 worker (): sync rlm_perl: oauth2 worker (): sync users rlm_perl: oauth2 worker (): users page rlm_perl: oauth2 worker (***): fetching token Thread 3 terminated abnormally: Error parsing time at /usr/lib/x86_64-linux-gnu/perl/5.28/Time/Piece.pm line 583.

Already tried the workaround fixes above

Can you set me your locale settings so when I fix this it should be definately fixed for your locale.

Hopefully something like the output of set in your terminal and also the following whilst FR is running is enough for me to work with:

cat /proc/$(pgrep freeradius)/environ | tr '\0' '\n'

Thanks

jimdigriz avatar Jun 03 '21 12:06 jimdigriz

The output of set:

BASH=/usr/bin/bash BASHOPTS=checkwinsize:cmdhist:complete_fullquote:expand_aliases:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=([0]="0") BASH_ARGV=() BASH_CMDS=() BASH_LINENO=() BASH_SOURCE=() BASH_VERSINFO=([0]="5" [1]="0" [2]="3" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='5.0.3(1)-release' COLUMNS=145 DIRSTACK=() EUID=0 GROUPS=() HISTFILE=/root/.bash_history HISTFILESIZE=500 HISTSIZE=500 HOME=/root HOSTNAME=NPS4 HOSTTYPE=x86_64 IFS=$' \t\n' LANG=en_US.UTF-8 LANGUAGE=en_US:en LINES=24 LOGNAME=sysadmin LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:*.xspf=00;36:' MACHTYPE=x86_64-pc-linux-gnu MAIL=/var/mail/root MAILCHECK=60 OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games PIPESTATUS=([0]="0") PPID=12650 PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w$ ' PS2='> ' PS4='+ ' PWD=/home/sysadmin SHELL=/bin/bash SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor SHLVL=2 SSH_CLIENT='192.168.100.4 60880 22' SSH_CONNECTION='192.168.100.4 60880 10.0.0.12 22' SSH_TTY=/dev/pts/1 TERM=xterm-256color UID=0 USER=sysadmin XDG_RUNTIME_DIR=/run/user/1000 XDG_SESSION_CLASS=user XDG_SESSION_ID=3 XDG_SESSION_TYPE=tty _=set

The output of cat /proc/$(pgrep freeradius)/environ | tr '\0' '\n'

SHELL=/bin/bash LANGUAGE=en_US:en PWD=/etc/freeradius LOGNAME=sysadmin XDG_SESSION_TYPE=tty HOME=/root LANG=en_US.UTF-8 LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:*.xspf=00;36: SSH_CONNECTION=192.168.100.4 60796 10.0.0.12 22 XDG_SESSION_CLASS=user TERM=xterm-256color USER=sysadmin SHLVL=2 XDG_SESSION_ID=1 XDG_RUNTIME_DIR=/run/user/1000 SSH_CLIENT=192.168.100.4 60796 22 PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games MAIL=/var/mail/root SSH_TTY=/dev/pts/0 _=/usr/sbin/freeradius OLDPWD=/root/wpa_supplicant-2.7/wpa_supplicant

KeppensJonas avatar Jun 03 '21 18:06 KeppensJonas