Client Secret with Backslash

Alan DeKok aland at deployingradius.com
Tue Feb 19 14:17:20 CET 2019


On Feb 18, 2019, at 10:41 PM, Wingard, Nathaniel (Chapin) <Nathaniel.Wingard at Fiserv.com> wrote:
> 
> I've been trying to set a client secret with a trailing backslash and find myself confused by the results. I am running the Debian 9 provided freeradius 3.0.12 (freeradius-3.0.12+dfsg-5+deb9u1).

  Well, there *is* 3.0.17 available.  3.0.12 is 3 years old at this point.

> Secret I want:
> asdf\
> 
> Attempts (failures):
> secret = asdf\
> - Results in config parsing error

  As it should.  You can't put bare back-slashes into a file, or at the end of a line.

> secret = asdf\\
> - Results in config parsing error

  Yes, because the parser creates unquoted strings as simple words, and doesn't do escaping.

> secret = 'asdf\'
> - Results in config parsing error
> secret = "asdf\"
> - Results in config parsing error

  As it should.  You can't put backslashes at the end of a string.

> secret = 'asdf\\'
> - Results: asdf\\
> secret = "asdf\\"
> - Results: asdf\\

  It looks like this isn't handled correctly in v3.  There are various technical reasons, but it should work.

  I'll see if I can fix this before 3.0.18 is released.

> Attempts (successes?)
> secret = "as\df"
> - Results: as\df
> secret = "as\\df"
> - Results: as\\df

  Except that's likely wrong, too.  String escaping should do string escaping the same way everywhere.

> I expected the last of my failures to work per https://networkradius.com/doc/3.0.10/unlang/data_single.html but it seems only \' is treated as an escape sequence in the client secret. Is there any way to have a client secret with a trailing backslash, and as an extension, can I have the string literal \' in my secret?

  I'll see what I can do.

  Alan DeKok.




More information about the Freeradius-Users mailing list