I'm seeing some inconsistent handling of encoding/escaping of attributes in rlm_perl between calls to the module (i.e. when setting an attribute in one call and then reading it back in the next). I was expecting "something out, something in", but instead I'm getting "something out, something-modified in".
In authorize, my script does an LDAP lookup and then sets the $RAD_CHECK{'Ldap-UserDn'} attribute for later:
rlm_perl: Added pair Ldap-UserDn = CN=Ireland\, Scott,OU=[...]
In authenticate, I go to read this back but find that the \ in the attribute is coming back to me escaped:
rlm_perl: Added pair Ldap-UserDn = CN=Ireland\\, Scott,OU=[...]
So, I end up having to strip off the escaping backslashes before using the value. I'm seeing something similar with the State attribute going out in an Access-Challenge and coming back in on the next Access-Request. In authorize, I set $RAD_REPLY{'State'} to the single byte value 0x01 that I send back in an Access-Challenge
rlm_perl: Added pair State = ?
Sending Access-Challenge of id 253 to [ip] port 63308
State = 0x01
When authorize next sees the follow-up request from the NAS, things look OK in the RADIUS packet:
rad_recv: Access-Request packet from host [ip] port 14034, id=254, length=146
State = 0x01
rlm_perl: Added pair State = 0x01
But when I read it in Perl, $RAD_REQUEST{'State'} comes back as the string "0x01", so I have to turn around and pack() this to get back what I put in. The same thing happens for different values as well; for instance, if I were to use the literal 1 as a value, State goes out as 0x31 (the string "1") and comes back in as the string "0x31", which again needs a pack() to fix.
I've been able to work around this by doing a bit of extra processing when I read any of these attributes back, but it doesn't really seem like intended behaviour.