3.0.17 password ending in '\' problem, LDAP backend [bug?]

Kostas Zorbadelos kzorba at otenet.gr
Mon Sep 10 19:17:50 CEST 2018

On Δευ, Σεπ 10 2018 at 11:34:34 πμ, Alan DeKok <aland at deployingradius.com> wrote:

>> The whole escaping in shell strings always confused me so I try to stay
>> away from it :) Have you implemented the string escape rules of bash?\
>   We've implemented the string escape rules for single and double-quotes 

OK. I will refer to bash documentation :)

>> For example I tried to send a password ending in '\\' through radclient.
>> I had to input
>> User-Password = "test123\\\\\\\\"
>   Hmm... that doesn't look right.  It should be simpler than that.  

I think so too.

>   If you're piping the attribute through a shell, then those escaping
>   rules apply *on top of* what FreeRADIUS does. 
>   But if you do radclient -f file, then the attributes in "file"
>   shouldn't need 3 layers of escaping.  Just one. 

I am talking about -f <file> in radclient. I made all tests and saw the
constructed packets in wireshark. My guess is that you need escaping
when reading the file, then again you use escaping when constructing the
packet. Haven't gone through the code though.

Another example is when I needed to send a literal '\t' (without it
being translated to tab). I had to use the sequence

User-Password = "test\\\\t1"

in the radclient input file to send 'test\t1' in the constructed

Could it be that I am doing something wrong?


Kostas Zorbadelos	http://gr.linkedin.com/in/kzorba	

More information about the Freeradius-Users mailing list