2.x.x (and earier?): yet another decoding SSHA issue
Alan DeKok
aland at deployingradius.com
Thu Jul 18 17:43:44 CEST 2013
Stefan Winter wrote:
> * when using: SSHA1-Password = "%{base64tohex:RESTENA-SSHA1-Password}"
That won't work.
> I tried to be clever and force an expansion of the attribute content with:
>
> * SSHA1-Password := "%{base64tohex:%{RESTENA-SSHA1-Password}}"
That should work. So long as you put RESTENA-SSHA1-Password in the
request list.
> But that makes xlat fail completely. Maybe that's me not understanding
> unlang enough though.
>
> rlm_sql_mysql: query: (SELECT id, username, 'RESTENA-SSHA1-Password',
> value, op FROM check_smtp_ssha1 WHERE username='xyz')
> [sql-smtp-hash] User found in radcheck table
> rlm_sql (sql-smtp-hash): Released sql socket id: 2
> +++[sql-smtp-hash] returns ok
> ++- policy redundant returns ok
> expand: %{RESTENA-SSHA1-Password} ->
So RESTENA-SSHA1-Password doesn't work.
> This is on 2.x.x from today's GIT BTW, as it's the first version that
> works without any modifications on systemd. Except for the 0X thing of
> course; otherwise I'd be happy with a 2.2.1 rollout.
We'll get that sorted out, and release 2.2.1.
Alan DeKok.
More information about the Freeradius-Devel
mailing list