This is what I have so far, I seriously doubt it is safe: #!/bin/bash set -euf [ -z "${username:-}" ] && exit 1 RAD_SERVER="127.0.0.1:1812" RAD_PASSWD="testing123" RAD_CMD="auth" RAD_MSG="" add_msg() { RAD_MSG="${RAD_MSG}${1} = ${2}"$'\r\n' } add_msg_untrusted() { val="${2//\"/\\\"}" val="${val//$'\n'/}" val="${val//$'\r'/}" RAD_MSG="${RAD_MSG}${1} = \"${val}\""$'\r\n' } add_msg Framed-Protocol PPP add_msg Message-Authenticator 0x00 add_msg NAS-IP-Address "$( (hostname || uname -n) 2>/dev/null | sed 1q)" add_msg NAS-Port 0 add_msg Service-Type Framed-User add_msg_untrusted User-Name "${username}" if [ -n "${password:-}" ]; then add_msg_untrusted "User-Password" "${password}" fi exec radclient -q -f <(printf '%s\n' "${RAD_MSG}") \ -S <(printf '%s' "${RAD_PASSWD}") "${RAD_SERVER}" "${RAD_CMD}" On 5/6/23 16:26, rany wrote:
Hi,
I am planning on using radclient in a quick authentication script until I could fix an authentication library. I thought of using radclient in a shell script for the authentication task as it seemed fairly simple, however I wasn't able to figure out how to escape values that are set by the user; namely User-Name and User-Password.
I tried checking the manual page but I haven't had any luck with that. It doesn't seem to have been mentioned, but I'm fairly sure this scenario was considered.
TIA, rany
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html