How to escape values in radclient?

rany rany2 at riseup.net
Sun May 7 14:00:20 UTC 2023


I'm sorry for the incorrect wording of my question.

I meant to ask what escaping rules a double-quoted string in 
radclient follows. This is so that I could escape the double-quoted 
string in the bash shell before sending it to radclient.

I ended up landing on this:

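         # ${1} is the attribute name, ${2} is the raw value
         val="${2}"
         # Escape backslashes first so the ones added below are not doubled
         val="${val//\\/\\\\}"
         val="${val//$'\n'/\\n}"
         val="${val//$'\r'/\\r}"
         val="${val//\"/\\\"}"
         RAD_MSG="${RAD_MSG}${1} = \"${val}\""$'\r\n'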

Somewhat related to this:

However, I was hoping that I would be able to convert it into a hex 
string and just send radclient something like this:

         User-Password = "\x72\x66\x6a"

This way I wouldn't risk potentially missing some escape rule; in fact, 
that was the first thing I tried prior to escaping. However, it doesn't 
appear to work as I expected, as it appears that a double-quoted string 
in radclient follows different rules than in configs, which is what 
prompted my question.

On 5/7/23 16:27, Alan DeKok wrote:
> On May 7, 2023, at 3:12 PM, rany <rany2 at riseup.net> wrote:
>> I think you are misunderstanding me
>    I am answering the questions you are asking.  If you want different answers, then ask different questions.
>
>> radtest for example does not do any escaping prior to sending data to radclient; so this input breaks it:
>    So when you asked multiple questions about radclient, you were really asking questions about radtest?
>
>> # radtest rany aaaa\\ 127.0.0.1:1812 0 testing123
>> (0) Error parsing "stdin": Expected end of line or comma
>>
>> I'm trying to handle inputs like these so that radclient could handle someone having a `\` in the username/password. The issue is not shell escaping.
>    The issue is absolutely shell escaping.  radclient has no issues with a backslash in the username or password.
>
>    The radtest program doesn't deal well with shell escaping, because it's intended as a simple tool for testing basic (i.e. simple) names and passwords.
>
>    If you want to write your own shell script wrapper around radclient, then you have to understand the shell escaping rules, and deal with them.  I really don't know how else to explain this.  All of the unescaping rules you've posted are written in shell script, not "radclient script".  So the problem is the shell, not radclient.
>
>    Go read the shell documentation, and the unescaping rules there.  Once you can pass the appropriate text to radclient, radclient will use it.  This is how EVERY program on your OS works.  There is nothing magical about radclient.
>
>    Alan DeKok.