xlat failure in 2.1.8 (worked in 2.1.6)

Alan DeKok aland at deployingradius.com
Wed Feb 3 12:08:30 CET 2010

Stefan Winter wrote:
> After some tests, we think that either the space character (" ") or the
> single quote ("'") cause xlat to fail.


> The basic use scenario is a mySQL DB backend which pulls a NT-Hash for
> the user. Input is PAP, so rlm_pap calls xlat:NT-Hash for the input, and
> then returns with the log message that mschap xlat failed.

  Debug says?

> I've traced down the code in rlm_pap (no changes between the two
> versions), rlm_mschap (only unrelated changes), and main/xlat.c. xlat.c
> seems to have had a *major* revision in between.

  Yes.  The old code in xlat.c was wrong.  It didn't do conditional
expansion correctly.  On looking into that, it did a number of other
things wrong, too.  i.e. it's a bit surprising that it worked.

  The new code is clearer, and doesn't have the problems of the old code.

> For the moment, I rolled back to 2.1.6+ (and had to give up on the
> "do_not_respond feature, sigh) but it would sure be nice if this worked
> again :-/.

  Send a test case over, and I'll take a look.  It should be easy to
fix, as the new code isn't insane.

  Alan DeKok.

More information about the Freeradius-Devel mailing list