Hex to Cleartext
Joseph Showalter
Tech at ekn.com
Wed Apr 16 13:55:09 CEST 2014
On Apr 15, 2014, at 4:30 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Joseph Showalter wrote:
>> So, after working on our puzzling issue, we have found the root cause of the CHAP failing instance:
>>
>> Our equipment vendor is putting this in the end device 4867467528286D35655B523F585C5359.
>>
>> But freeradius needs to see this value: HgFu((m5e[R?X\\SY.
>
> That's pretty much what I expected. For the record, the vendor is
> wrong. They should either accept printable ASCII passwords, or make it
> clear that the password is a binary string.
>
>> This value is the "Escaped" value of the above hex.
>>
>> In the radius db we have the hex value stored like this: 4867467528286D35655B523F585C5359.
>>
>> Are there any suggestions on how we could easily convert this to the 'Escaped' value either with SQL changes or writing a perl plugin or something else that we have missed?
>
> You will need to use version 3.
>
> update {
> 	Tmp-Octets-0 := 0x4867467528286D35655B523F585C5359
> 	reply:Filter-Id := &Tmp-Octets-0
> }
>
So, if we prefixed the hex password with 0x via the sql, or do a db update, how would this look in the FR config:
And used version 3 of course...
update {
	Tmp-Octets-0 := < what would go here? >
	reply:Filter-Id := &Tmp-Octets-0
}
> ...
>
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=81,
> length=38
> Filter-Id = "HgFu((m5e[R?X\\SY"
>
> i.e. put the hex values into an "octets" type attribute. You'll need
> to prefix it with "0x", in order to get it parsed correctly.
>
> Then, assign it to a "string" attribute (e.g. Cleartext-Password), via
> the "&" operator.
>
> Unfortunately, version 2 doesn't support this functionality. In that
> version, you'll need to use Perl to do the translation.
>
Do you have any starter tips on how to hook perl in?
Would you recommend rlm_perl or could this be done with a re-write module?
> Alan DeKok.
>
--
regards, Joseph
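
Added example (not part of the original thread and not FreeRADIUS code): per RFC 1994 the CHAP response is MD5 over the identifier, the password and the challenge, so a server that hashes the stored hex text rather than the bytes it encodes can never match what the device sends. The hex value is the one quoted in the thread; the CHAP identifier, the challenge and all function names are constructed for illustration, and the device is assumed to use the decoded bytes as its password.

```python
import hashlib
import hmac

def hex_to_password(hex_value: str) -> bytes:
    """Decode a hex-encoded password (optional 0x prefix) into raw bytes."""
    cleaned = hex_value.strip()
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    if not cleaned or len(cleaned) % 2:
        raise ValueError("hex password needs an even, non-zero number of digits")
    return bytes.fromhex(cleaned)  # ValueError on any non-hex character

def is_printable_ascii(password: bytes) -> bool:
    """True when every byte is printable ASCII, i.e. safe in a 'string' attribute."""
    return all(0x20 <= b <= 0x7E for b in password)

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def chap_matches(chap_id: int, password: bytes, challenge: bytes,
                 received: bytes) -> bool:
    """Server-side check, compared in constant time."""
    expected = chap_response(chap_id, password, challenge)
    return hmac.compare_digest(expected, received)

STORED_HEX = "4867467528286D35655B523F585C5359"  # value quoted in the thread
CHAP_ID = 81                                     # constructed sample identifier
CHALLENGE = bytes(range(16))                     # constructed sample challenge

def demo():
    """Return (decoded password, match using hex text, match using decoded bytes)."""
    device_password = hex_to_password(STORED_HEX)
    # What the device would send, assuming it uses the decoded bytes.
    received = chap_response(CHAP_ID, device_password, CHALLENGE)
    # Server treats the database column as the literal password: mismatch.
    as_stored = chap_matches(CHAP_ID, STORED_HEX.encode("ascii"), CHALLENGE, received)
    # Server decodes the hex first: match.
    decoded = chap_matches(CHAP_ID, device_password, CHALLENGE, received)
    return device_password, as_stored, decoded

if __name__ == "__main__":
    pw, as_stored, decoded = demo()
    print(pw, is_printable_ascii(pw), as_stored, decoded)
```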