Forum Discussion

Bhargav_9588
Feb 15, 2010

getfield Parsing error

Hello,

I am trying to add an iRule to insert an HTTP header value by stripping out the domain from the REMOTE_USER header. The following is the iRule I am trying to use:

    when HTTP_REQUEST {
        set login_user [HTTP::header remote_user ]
        if { $login_user contains "\" } {
            set ldap_user [getfield $login_user "\" 2]
            HTTP::header replace SAPUserID $ldap_user
        }
    }

But it is throwing the following parsing error while saving:

    01070151:3: Rule [insert.header.rule] error:
    line 4: [parse error: missing "] ["\" 2]
    HTTP::header replace SAPUserID $ldap_user

Any help is appreciated. Thanks in advance.
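
The parse error in the post above comes from Tcl quoting: a single backslash inside double quotes escapes the closing quote, so a literal backslash has to be written as `"\\"`. The iRule below is an added example, not code from the original post or from F5; it assumes REMOTE_USER is set by a trusted upstream component, and the removal of a client-supplied SAPUserID and the allowed-character pattern are assumptions to adapt.

```tcl
when HTTP_REQUEST {
    # Read the identity header first (assumed to be set by a trusted upstream).
    set login_user [HTTP::header value "REMOTE_USER"]

    # Drop any SAPUserID sent by the client, so the backend only ever
    # sees a value written by this rule (assumption: backend trusts it).
    HTTP::header remove "SAPUserID"

    # Two backslashes inside the quotes yield one literal backslash.
    # A single one would escape the closing quote and break parsing.
    if { $login_user contains "\\" } {

        # DOMAIN\user -> field 2 is the part after the backslash.
        set ldap_user [getfield $login_user "\\" 2]

        # Forward only a non-empty name made of expected characters.
        # The character set is an assumption; match it to your directory.
        if { [regexp {^[A-Za-z0-9._-]+$} $ldap_user] } {
            HTTP::header replace "SAPUserID" $ldap_user
        } else {
            log local0. "SAPUserID not set: unexpected REMOTE_USER format"
        }
    }
}
```

As in the original rule, a REMOTE_USER value without a domain prefix results in no SAPUserID header being set.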

11 Replies

  • You could try this.

    when RULE_INIT {    
                         
                array set NTLMFlags {    
                        unicode        0x00000001    
                        oem            0x00000002    
                        req_target     0x00000004    
                        unknown1       0x00000008    
                        sign           0x00000010    
                        seal           0x00000020    
                        datagram       0x00000040    
                        lmkey          0x00000080    
                        netware        0x00000100    
                        ntlm           0x00000200    
                        unknown2       0x00000400    
                        unknown3       0x00000800    
                        ntlm_domain    0x00001000    
                        ntlm_server    0x00002000    
                        ntlm_share     0x00004000    
                        NTLM2          0x00008000    
                        targetinfo     0x00800000    
                        128bit         0x20000000    
                        keyexch        0x40000000    
                        56bit          0x80000000    
                }    
        }    
            
        when HTTP_REQUEST {    
                
                if { [HTTP::header Authorization] starts_with "NTLM " } {    
                        set ntlm_msg [ b64decode [split [lindex [HTTP::header Authorization] 1] ] ]    
                        binary scan $ntlm_msg a7ci protocol zero type    
                        switch -exact -- $type {    
                                3 {    
                                        binary scan $ntlm_msg @12ssissississississii \    
                                                                    lmlen lmlen2 lmoff \    
                                                                    ntlen ntlen2 ntoff \    
                                                                    dlen  dlen2  doff  \    
                                                                    ulen  ulen2  uoff \    
                                                                    hlen  hlen2  hoff \    
                                                                    slen  slen2  soff \    
                                                                    flags    
                                        set ntlm_domain {}; binary scan $ntlm_msg @${doff}a${dlen} ntlm_domain    
                                        set ntlm_user {};   binary scan $ntlm_msg @${uoff}a${ulen} ntlm_user    
                                        set ntlm_host {};   binary scan $ntlm_msg @${hoff}a${hlen} ntlm_host    
                                        set unicode [expr {$flags & 0x00000001}]    
                                        if {$unicode} {    
                                                set ntlm_domain_convert ""    
                                                foreach i [ split $ntlm_domain ""] {     
                                                        scan $i %c c    
                                                        if {$c>1} {    
                                                                append ntlm_domain_convert $i    
                                                        } elseif {$c<128} {    
                                                                set ntlm_domain_convert $ntlm_domain_convert    
                                                        } else {    
                                                                append ntlm_domain_convert \\u[format %04.4X $c]    
                                                        }    
                                                }    
                                                set ntlm_domain $ntlm_domain_convert    
                                                set ntlm_user_convert ""    
                                                foreach i [ split $ntlm_user ""] {     
                                                        scan $i %c c    
                                                        if {$c>1} {    
                                                                append ntlm_user_convert $i    
                                                        } elseif {$c<128} {    
                                                                set ntlm_user_convert $ntlm_user_convert    
                                                        } else {    
                                                                append ntlm_user_convert \\u[format %04.4X $c]    
                                                        }    
                                                }    
                                                set ntlm_user   $ntlm_user_convert    
                                                set ntlm_host_convert ""    
                                                foreach i [ split $ntlm_host ""] {     
                                                        scan $i %c c    
                                                        if {$c>1} {    
                                                                append ntlm_host_convert $i    
                                                        } elseif {$c<128} {    
                                                                set ntlm_host_convert $ntlm_host_convert    
                                                        } else {    
                                                                append ntlm_host_convert \\u[format %04.4X $c]    
                                                        }    
                                                }    
                                                set ntlm_host   $ntlm_host_convert    
                                        }    
                                        binary scan $ntlm_msg @${ntoff}a${ntlen} ntdata    
                                        binary scan $ntlm_msg @${lmoff}a${lmlen} lmdata    
                                        binary scan $ntdata H* ntdata_h    
                                        binary scan $lmdata H* lmdata_h    
                                            
                                        HTTP::header replace SAPUserID $ntlm_user    
            
            
                                        }    
                                default {    
                                log local0. "NTLM type code was not parsed."   
                                }    
                        }    
                }    
        }

    This should do what you want (although a little expensively, what with the Unicode handling loops and the decoding of the whole NTLM package -- PD, are you listening? 😆 ).

    This code will not parse message types 1 and 2, but you really should only see a type 1 and 3 message from the client side -- and type doesn't contain much usable session data.