2.x.x (and earier?): yet another decoding SSHA issue

Alan DeKok aland at deployingradius.com
Thu Jul 18 17:43:44 CEST 2013

Stefan Winter wrote:
> * when using: SSHA1-Password = "%{base64tohex:RESTENA-SSHA1-Password}"

  That won't work.

> I tried to be clever and force an expansion of the attribute content with:
> * SSHA1-Password := "%{base64tohex:%{RESTENA-SSHA1-Password}}"

  That should work.  So long as you put RESTENA-SSHA1-Password in the
request list.

> But that makes xlat fail completely. Maybe that's me not understanding
> unlang enough though.
> rlm_sql_mysql: query:  (SELECT id, username, 'RESTENA-SSHA1-Password',
> value, op FROM check_smtp_ssha1 WHERE username='xyz')
> [sql-smtp-hash] User found in radcheck table
> rlm_sql (sql-smtp-hash): Released sql socket id: 2
> +++[sql-smtp-hash] returns ok
> ++- policy redundant returns ok
>         expand: %{RESTENA-SSHA1-Password} ->

  So RESTENA-SSHA1-Password doesn't work.

> This is on 2.x.x from today's GIT BTW, as it's the first version that
> works without any modifications on systemd. Except for the 0X thing of
> course; otherwise I'd be happy with a 2.2.1 rollout.

  We'll get that sorted out, and release 2.2.1.

  Alan DeKok.

More information about the Freeradius-Devel mailing list