How to escape values in radclient?
rany
rany2 at riseup.net
Sat May 6 14:34:14 UTC 2023
This is what I have so far, I seriously doubt it is safe:
#!/bin/bash
set -euf
[ -z "${username:-}" ] && exit 1
RAD_SERVER="127.0.0.1:1812"
RAD_PASSWD="testing123"
RAD_CMD="auth"
RAD_MSG=""
add_msg() {
RAD_MSG="${RAD_MSG}${1} = ${2}"$'\r\n'
}
add_msg_untrusted() {
val="${2//\"/\\\"}"
val="${val//$'\n'/}"
val="${val//$'\r'/}"
RAD_MSG="${RAD_MSG}${1} = \"${val}\""$'\r\n'
}
add_msg Framed-Protocol PPP
add_msg Message-Authenticator 0x00
add_msg NAS-IP-Address "$( (hostname || uname -n) 2>/dev/null | sed 1q)"
add_msg NAS-Port 0
add_msg Service-Type Framed-User
add_msg_untrusted User-Name "${username}"
if [ -n "${password:-}" ]; then
add_msg_untrusted "User-Password" "${password}"
fi
exec radclient -q -f <(printf '%s\n' "${RAD_MSG}") \
-S <(printf '%s' "${RAD_PASSWD}") "${RAD_SERVER}" "${RAD_CMD}"
On 5/6/23 16:26, rany wrote:
> Hi,
>
> I am planning on using radclient in a quick authentication script
> until I could fix an authentication library. I thought of using
> radclient in a shell script for the authentication task as it seemed
> fairly simple, however I wasn't able to figure out how to escape
> values that are set by the user; namely User-Name and User-Password.
>
> I tried checking the manual page but I haven't had any luck with that.
> It doesn't seem to have been mentioned, but I'm fairly sure this
> scenario was considered.
>
> TIA,
> rany
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list