Sanitize special characters in AD groups names

Problem this snippet solves: With APM, when you query Active Directory to retrieve the groups membership, if an AD group contains one or several special characters, the name of the group is consider...
Published Apr 24, 2017
Version 1.0
active directory
application delivery
BIG-IP Access Policy Manager (APM)
devops
encoding
groups
hex
irule
iRules
michael_molho_2
Joined May 05, 2019
Stanislas_Piro2
Apr 24, 2017

Hi,

you can use string map instead of foreach / regsub...

when RULE_INIT {
    # Hex of UTF-8 sequence -> hex of ASCII replacement (è é ê ë -> e, £ -> ?)
    set static::conversion_table {c3a8 65 c3a9 65 c3aa 65 c3ab 65 c2a3 3f}
}

when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] eq "clean_group_names" } {
        set newMemberOf " | "
        set memberOf [ACCESS::session data get "session.ad.last.attr.memberOf"]
        set splited [split $memberOf "|"]
        # Loop through all groups
        foreach field $splited {
            # If the group starts with 0x, it is hexa, needs to be decoded
            if { $field starts_with " 0x" } {
                # remove spaces
                set trimed [string trim $field " "]
                # skip the 0x at the beginning
                set hex_data [string tolower [substr $trimed 2]]
                set hex_data [string map $static::conversion_table $hex_data]
                # Decode the hexa without special chars to string
                set groupStr [binary format H* $hex_data]
                # Concat the sanitized group name to the list
                set newMemberOf [concat $newMemberOf $groupStr " | "]
            # The group is not hexa, just concat the value as it is
            } elseif { $field ne "" } {
                set newMemberOf [concat $newMemberOf $field " | "]
            }
        }
        # Store the sanitized memberOf into a new session var
        ACCESS::session data set "session.custom.ad.memberOf" $newMemberOf
    }
}

I think you can also do it in variable assign instead of irule event...

you can try this code:

session.ad.last.attr.memberOf =

# Hex of UTF-8 sequence -> hex of ASCII replacement
set conversion_table {c3a8 65 c3a9 65 c3aa 65 c3ab 65 c2a3 3f}
# Start from an empty result list
if { [info exists "groups"] } { unset groups; };
foreach field [mcget {session.ad.last.attr.memberOf}] {
    if { $field starts_with " 0x" } {
        # Hex-encoded name: apply the table, then decode the hex to a string
        set hex_data [string map $conversion_table [string range $field 2 end]];
        set groupStr [binary format H* $hex_data];
        lappend groups $groupStr;
    } else { lappend groups $field; };
};
unset -nocomplain conversion_table;
return $groups
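
An added example, not part of the original post or of F5's code: `string map` works on the hex text, so a table key can also match where it straddles two bytes. This plain-Tcl version applies the same conversion table at byte-aligned offsets only and returns non-hex values unchanged. The proc names `decode_group` and `to_hex` and the sample values are assumptions constructed for illustration.

```tcl
# Added example: plain Tcl (runs in tclsh), not the iRule posted above.
# decode_group and to_hex are hypothetical names; sample values are constructed.
proc decode_group {field table} {
    set name [string trim $field]
    # Treat the value as hex only when it is "0x" followed by whole bytes
    if {![regexp {^0x((?:[0-9a-fA-F]{2})+)$} $name -> hex]} {
        return $name
    }
    set hex [string tolower $hex]
    set len [string length $hex]
    set out ""
    set i 0
    while {$i < $len} {
        set matched 0
        # Compare table entries at the current byte offset only
        foreach {from to} $table {
            set last [expr {$i + [string length $from] - 1}]
            if {[string range $hex $i $last] eq $from} {
                append out $to
                set i [expr {$last + 1}]
                set matched 1
                break
            }
        }
        if {!$matched} {
            # No table entry starts here: keep the byte unchanged
            append out [string range $hex $i [expr {$i + 1}]]
            incr i 2
        }
    }
    return [binary format H* $out]
}

# Render a byte string as hex so non-printable results stay readable
proc to_hex {bytes} {
    binary scan $bytes H* h
    return $h
}

set table {c3a8 65 c3a9 65 c3aa 65 c3ab 65 c2a3 3f}

# "Group" followed by UTF-8 e-acute (c3 a9)
puts [decode_group " 0x47726f7570c3a9 " $table]
# Value that is not hex-encoded
puts [decode_group " Domain Users " $table]
# Bytes 0c 3a 80: "c3a8" appears only across byte boundaries
puts "aligned:    [to_hex [decode_group 0x0c3a80 $table]]"
puts "string map: [to_hex [binary format H* [string map $table 0c3a80]]]"
```

Because group names usually feed authorization decisions, compare the sanitized names against the directory's real group list: folding accented characters to `e` can make two distinct groups look identical.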
