Problem with backslash in User-Name
Brian Candler
b.candler at pobox.com
Fri Feb 10 12:07:40 CET 2017
On 10/02/2017 07:28, Marco Scholl wrote:
> this idea i have, too.
>
> I have also tried
>
> radtest -t mschap "test\\radius" radius localhost 1 testing123
> radtest -t mschap 'test\\radius' radius localhost 1 testing123
> radtest -t mschap 'test\radius' radius localhost 1 testing123
Ah, there's still not enough escaping:
root at radtest:~# radtest -t mschap 'test\\radius' radius localhost 1
testing123
Sent Access-Request Id 15 from 0.0.0.0:60124 to 127.0.0.1:1812 length 136
User-Name = "test\radius"
By this stage, your '\ \ r' has still become '\r' and radclient rakes
this as CR. So it looks like there is another level of unescaping taking
place inside radtest (which is a shell script)
So you need *four* backslashes, which you can get in single quotes like
this:
root at radtest:~# radtest -t mschap 'test\\\\radius' radius localhost 1
testing123
Sent Access-Request Id 201 from 0.0.0.0:36290 to 127.0.0.1:1812 length 137
User-Name = "test\\radius"
(Without quotes, or in double-quotes, you would need 8 backslashes!)
Now you can see that radclient receives "test\\radius" which it should
interpret as t e s t \ r a d i u s
And at last, tcpdump confirms this:
# tcpdump -i lo -nn -s0 -v -X udp port 1812
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size
262144 bytes
11:05:05.119847 IP (tos 0x0, ttl 64, id 19098, offset 0, flags [none],
proto UDP (17), length 165)
127.0.0.1.53576 > 127.0.0.1.1812: RADIUS, length: 137
Access-Request (1), id: 0x06, Authenticator:
e03656048448efdd3e6345a719fb218f
*User-Name Attribute (1), length: 13, Value: test\radius*
NAS-IP-Address Attribute (4), length: 6, Value: 127.0.1.1
NAS-Port Attribute (5), length: 6, Value: 1
Message-Authenticator Attribute (80), length: 18, Value:
..g..){.m...%,.)
Vendor-Specific Attribute (26), length: 16, Value: Vendor:
Microsoft (311)
Vendor Attribute: 11, Length: 8, Value: .......f
Vendor-Specific Attribute (26), length: 58, Value: Vendor:
Microsoft (311)
Vendor Attribute: 1, Length: 50, Value:
..........................>.=L.:z.+....c.....}..@
0x0000: 4500 00a5 4a9a 0000 4011 31ac 7f00 0001 E...J... at .1.....
0x0010: 7f00 0001 d148 0714 0091 fea4 0106 0089 .....H..........
0x0020: e036 5604 8448 efdd 3e63 45a7 19fb 218f .6V..H..>cE...!.
0x0030: 010d *7465 7374 5c72 6164 6975 73*04 067f *..test\radius...*
0x0040: 0001 0105 0600 0000 0150 1292 8467 0dbf .........P...g..
0x0050: 297b bf6d 0716 8625 2c82 291a 1000 0001 ){.m...%,.).....
0x0060: 370b 0afe 00b0 adc9 0da8 661a 3a00 0001 7.........f.:...
0x0070: 3701 3400 0100 0000 0000 0000 0000 0000 7.4.............
0x0080: 0000 0000 0000 0000 0000 0000 003e bc3d .............>.=
0x0090: 4cf6 3a7a a42b 8a96 8ed0 6312 84b4 c7d9 L.:z.+....c.....
0x00a0: 7dba 0d7f 40 }...@
Regards,
Brian.
More information about the Freeradius-Users
mailing list