rlm_exec and quoted strings?
This is something I came across while doing some refactoring (#186), and I thought I'd raise it here for discussion. When exec splits a line into an argv array, at the moment any quoted values retain their quotes. For example, %{exec:/bin/bash -c 'echo -n hello world'} gives argv of "/bin/bash" "-c" "'echo -n hello world'" // note the enclosed single-quotes which doesn't work: /bin/bash: echo -n hello world: command not found I think it should strip the outer quotes, but as this is a behaviour change I wonder if anyone could be relying on the old behaviour? Does this need to be made configurable with a flag? Some code which implements this change and also factors out the argv splitting into rad_expand_xlat() is at https://github.com/candlerb/freeradius-server/commits/candlerb/expand_xlat (for v2.x.x) The reason for looking at this is to be able to share the argv splitting code with rlm_redis, e.g. %{redis:LPUSH 'my key' %{User-Name}} where User-Name may also contain spaces. Comments welcomed. Regards, Brian.
Brian Candler wrote:
I think it should strip the outer quotes, but as this is a behaviour change I wonder if anyone could be relying on the old behaviour? Does this need to be made configurable with a flag?
I'd be inclined to just strip the quotes. There are too many configurable switches already. For example, I pushed a change which removes the "require_message_authenticator" flag from the proxy config. Git "master" now *always* has a Message-Authenticator in proxied Access-Requests.
Some code which implements this change and also factors out the argv splitting into rad_expand_xlat() is at https://github.com/candlerb/freeradius-server/commits/candlerb/expand_xlat (for v2.x.x)
I'll take a look.
The reason for looking at this is to be able to share the argv splitting code with rlm_redis, e.g. %{redis:LPUSH 'my key' %{User-Name}} where User-Name may also contain spaces.
Seems good to me. Alan DeKok.
participants (2)
-
Alan DeKok -
Brian Candler