make_passwd(), rlm_perl and double quotes in the password
John Morrissey
jwm at horde.net
Thu Sep 3 01:31:44 CEST 2009
On Wed, Sep 02, 2009 at 07:30:37PM -0400, John Morrissey wrote:
> On Wed, 20 May 2009 14:10:07 +0200, Alan DeKok wrote:
> > Niko Tyni wrote:
> > > It seems to me that the escaping and unescaping done in rlm_perl via
> > > perl_store_vps() -> vp_prints_value() -> librad_safeprint()
> > > and
> > > get_hv_content() -> pairadd_sv() -> pairmake() -> pairparsevalue()
> > > is a bit unnecessary,
>
> I agree; there doesn't seem to be a reason to quote double-quotes
> (or anything else that fr_print_string() guards against) in rlm_perl.
>
> > The rlm_perl code could arguable be updated, too. But that's less of
> > a priority.
For the benefit of the archives, we're working around this with:
if (defined $RAD_REQUEST{'User-Password'}) {
$RAD_REQUEST{'User-Password'} =~ s/\\"/"/g;
}
in our rlm_perl authorize handler.
john
--
John Morrissey _o /\ ---- __o
jwm at horde.net _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__
More information about the Freeradius-Devel
mailing list