On Jan 25, 2018, at 3:02 PM, Kwak Wookjong <Wookjong.Kwak at gemalto.com> wrote:
>
> Yes, in the SQL DB, double slashes "\\" are presented.
OK. That's good.
> ...
> (0) EXPAND %{sql: SELECT secret FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}
> (0) --> test\\123
> (0) FreeRADIUS-Client-Secret = test\123
>
> ***** up until here, everything seems good as "\\" becomes to "\"
That's fine.
> ***** problem below when it is converting control list to client field, "\" becomes to "\\", again.
>
> (0) Converting control list to client fields
> (0) ipv4addr = 192.168.99.1
> (0) secret = test\\123
> (0) shortname = Radius Local Test
> (0) nas_type = other
> Adding client 192.168.99.1/32 with shared secret "test\\123"
>
> ***** So, when it is adding the client, it is double backslashes.
Hmm... the issue is that there are multiple representations of a string. The "binary" value, where the characters just mean themselves, and the "printed" form, where things are escaped, e.g. \n, \\, \t, etc.
For various reasons, the dynamic clients have to print the attributes you defined. But, it should just use the "binary" value for secrets, and not use the "printed" form.
I think this change should fix it:
--- a/src/main/client.c
+++ b/src/main/client.c
@@ -1341,7 +1341,7 @@ RADCLIENT *client_afrom_request(RADCLIENT_LIST *clients, REQUEST *request)
* We could reuse the CONF_PAIR buff, this just keeps things
* consistent between client_afrom_cs, and client_afrom_query.
*/
- *p = talloc_strdup(c, strvalue);
+ *p = talloc_strdup(c, vp->vp_strvalue);
Hopefully that won't break it for anyone else...
Alan DeKok.