2.x.x (and earier?): yet another decoding SSHA issue
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jul 18 18:09:58 CEST 2013
On 18 Jul 2013, at 16:43, Alan DeKok <aland at deployingradius.com> wrote:
> Stefan Winter wrote:
>> * when using: SSHA1-Password = "%{base64tohex:RESTENA-SSHA1-Password}"
>
> That won't work.
Ug yes, sorry this one works with strings not directly on attributes.
>
>> I tried to be clever and force an expansion of the attribute content with:
>>
>> * SSHA1-Password := "%{base64tohex:%{RESTENA-SSHA1-Password}}"
>
> That should work. So long as you put RESTENA-SSHA1-Password in the
> request list.
Actually, no, that's wrong too *sigh*
update reply {
Tmp-String-1 := "dGVzdGluZzEyMw=="
}
update reply {
Tmp-Octets-0 := "0x%{base64tohex: %{reply:Tmp-String-1}}"
}
update reply {
Tmp-String-0 := "%{string:reply:Tmp-Octets-0}"
}
+- entering group authorize {...}
++[reply] returns notfound
expand: %{reply:Tmp-String-1} -> dGVzdGluZzEyMw==
expand: 0x%{base64tohex: %{reply:Tmp-String-1}} -> 0x74657374696e67313233
++[reply] returns notfound
expand: %{string:reply:Tmp-Octets-0} -> testing123
You want:
update reply {
SSHA1-Password := "0x%{base64tohex: %{control:RESTENA-SSHA1-Password1}}"
}
Assuming it was a check item.
You also want the latest HEAD version.
>
>> But that makes xlat fail completely. Maybe that's me not understanding
>> unlang enough though.
>>
>> rlm_sql_mysql: query: (SELECT id, username, 'RESTENA-SSHA1-Password',
>> value, op FROM check_smtp_ssha1 WHERE username='xyz')
>> [sql-smtp-hash] User found in radcheck table
>> rlm_sql (sql-smtp-hash): Released sql socket id: 2
>> +++[sql-smtp-hash] returns ok
>> ++- policy redundant returns ok
>> expand: %{RESTENA-SSHA1-Password} ->
>
> So RESTENA-SSHA1-Password doesn't work.
>
>> This is on 2.x.x from today's GIT BTW, as it's the first version that
>> works without any modifications on systemd. Except for the 0X thing of
>> course; otherwise I'd be happy with a 2.2.1 rollout.
>
> We'll get that sorted out, and release 2.2.1.
Done.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Devel
mailing list