Sanitize special characters in AD groups names
Published Apr 24, 2017
Version 1.0
Hi,
you can use string map instead of foreach / regsub...
when RULE_INIT {
    # UTF-8 byte sequence (hex) -> replacement byte (hex)
    set static::conversion_table {c3a8 65 c3a9 65 c3aa 65 c3ab 65 c2a3 3f}
}
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] eq "clean_group_names" } {
        set newMemberOf " | "
        set memberOf [ACCESS::session data get "session.ad.last.attr.memberOf"]
        set splited [split $memberOf "|"]
        # Loop through all groups
        foreach field $splited {
            # If the group starts with 0x, it is hex-encoded and needs to be decoded
            if { $field starts_with " 0x" } {
                # Remove spaces
                set trimed [string trim $field " "]
                # Skip the 0x at the beginning
                set hex_data [string tolower [substr $trimed 2]]
                set hex_data [string map $static::conversion_table $hex_data]
                # Decode the hex without special chars to a string
                set groupStr [binary format H* $hex_data]
                # Concat the sanitized group name to the list
                set newMemberOf [concat $newMemberOf $groupStr " | "]
            # The group is not hex, just concat the value as it is
            } elseif { $field ne "" } {
                set newMemberOf [concat $newMemberOf $field " | "]
            }
        }
        # Store the sanitized memberOf into a new session var
        ACCESS::session data set "session.custom.ad.memberOf" $newMemberOf
    }
}
I think you can also do it in variable assign instead of iRule event...
You can try this code:
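session.ad.last.attr.memberOf =
set conversion_table {c3a8 65 c3a9 65 c3aa 65 c3ab 65 c2a3 3f}
# Start from an empty list so the return below always has a value
set groups {};
# memberOf is "|"-separated, so split on it rather than iterating it as a Tcl list
foreach field [split [mcget {session.ad.last.attr.memberOf}] "|"] {
    set field [string trim $field];
    if { [string match "0x*" $field] } {
        # Skip the leading 0x, replace the mapped sequences, then decode the hex
        set hex_data [string map $conversion_table [string tolower [string range $field 2 end]]];
        set groupStr [binary format H* $hex_data];
        lappend groups $groupStr;
    } elseif { $field ne "" } {
        lappend groups $field;
    };
};
unset -nocomplain conversion_table;
return $groups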
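
A caveat on the `string map` approach above, as an added example that is not part of the original post: `string map` works on hex digits, not bytes, so a table key can also match across a byte boundary and change a group name that contains none of the mapped characters. The sketch below is plain Tcl (no iRule-only commands); `decode_group_hex` is a hypothetical helper name and both samples are constructed. It replaces only byte-aligned sequences and prints both results side by side.

```tcl
# Added example, not from the original post.
# Same table as the post: UTF-8 byte sequence (hex) -> replacement byte (hex).
set conversion_table {c3a8 65 c3a9 65 c3aa 65 c3ab 65 c2a3 3f}

# decode_group_hex is a hypothetical helper name.
# It walks the hex string one byte (two digits) at a time, so a table key
# can only match on a byte boundary.
proc decode_group_hex {hex table} {
    set hex [string tolower $hex]
    # Reject odd-length or non-hex input instead of decoding garbage.
    if { ![regexp {^([0-9a-f]{2})+$} $hex] } {
        error "not a whole number of hex bytes: $hex"
    }
    set out ""
    set i 0
    set len [string length $hex]
    while { $i < $len } {
        set matched 0
        foreach {from to} $table {
            set n [string length $from]
            if { [string equal [string range $hex $i [expr {$i + $n - 1}]] $from] } {
                append out $to
                incr i $n
                set matched 1
                break
            }
        }
        if { !$matched } {
            # No key starts at this byte: copy the byte through unchanged.
            append out [string range $hex $i [expr {$i + 1}]]
            incr i 2
        }
    }
    return [binary format H* $out]
}

# Constructed samples (not real group names):
#   47726fc3a97365  contains the bytes c3 a9, so a key matches on a byte boundary
#   4c3a86          bytes 4c 3a 86; the digits "c3a8" appear only across boundaries
foreach sample {47726fc3a97365 4c3a86} {
    binary scan [decode_group_hex $sample $conversion_table] H* aligned
    binary scan [binary format H* [string map $conversion_table $sample]] H* mapped
    puts "$sample  byte-aligned=$aligned  string-map=$mapped"
}
```

Where the sanitized names feed group-based access decisions, comparing the two columns for the directory's real hex-encoded groups shows whether any name is altered by an unaligned match.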