Client Secret with Backslash
Alan DeKok
aland at deployingradius.com
Tue Feb 19 14:17:20 CET 2019
On Feb 18, 2019, at 10:41 PM, Wingard, Nathaniel (Chapin) <Nathaniel.Wingard at Fiserv.com> wrote:
>
> I've been trying to set a client secret with a trailing backslash and find myself confused by the results. I am running the Debian 9 provided freeradius 3.0.12 (freeradius-3.0.12+dfsg-5+deb9u1).
Well, there *is* 3.0.17 available. 3.0.12 is 3 years old at this point.
> Secret I want:
> asdf\
>
> Attempts (failures):
> secret = asdf\
> - Results in config parsing error
As it should. You can't put bare back-slashes into a file, or at the end of a line.
> secret = asdf\\
> - Results in config parsing error
Yes, because the parser creates unquoted strings as simple words, and doesn't do escaping.
> secret = 'asdf\'
> - Results in config parsing error
> secret = "asdf\"
> - Results in config parsing error
As it should. You can't put backslashes at the end of a string.
> secret = 'asdf\\'
> - Results: asdf\\
> secret = "asdf\\"
> - Results: asdf\\
It looks like this isn't handled correctly in v3. There are various technical reasons, but it should work.
I'll see if I can fix this before 3.0.18 is released.
> Attempts (successes?)
> secret = "as\df"
> - Results: as\df
> secret = "as\\df"
> - Results: as\\df
Except that's likely wrong, too. String escaping should do string escaping the same way everywhere.
> I expected the last of my failures to work per https://networkradius.com/doc/3.0.10/unlang/data_single.html but it seems only \' is treated as an escape sequence in the client secret. Is there any way to have a client secret with a trailing backslash, and as an extension, can I have the string literal \' in my secret?
I'll see what I can do.
Alan DeKok.
More information about the Freeradius-Users
mailing list