When using DOUBLE_QUOTED_STRING, passwords with '\"' may not work
g4-lisz at tonarchiv.ch
Wed Sep 13 20:06:48 UTC 2023
Hi Alan, thank you for your reply.
Now I also did the test with TCP sniffing. Things look a bit different but still not as expected:
~> tcpdump -i lo -A port ldap | grep some
Master: f.D$f.D$02...`-.....cn=admin,dc=example,dc=org..some\\\"word
V3.2.x: f...f...01...`,.....cn=admin,dc=example,dc=org..some\\"word
As it seems, logging adds one more level of escaping in V4 / master...
Cheers
Till
September 13, 2023 7:12 PM, "Alan DeKok" <aland at deployingradius.com> wrote:
> On Sep 13, 2023, at 12:30 PM, g4-lisz at tonarchiv.ch wrote:
>
>> config:
>>
>> ldap {
>> ...
>> password = "some\\\"word"
>> }
>>
>> V3.2.x (from Git today):
>>
>> Wed Sep 13 17:58:36 2023 : Debug: Loaded rlm_ldap, checking if it's valid
>> Wed Sep 13 17:58:36 2023 : Debug: # Loaded module rlm_ldap
>> Wed Sep 13 17:58:36 2023 : Debug: # Loading module "ldap" from file
>> /opt/cpr_V3/etc/raddb/mods-enabled/ldap
>> Wed Sep 13 17:58:36 2023 : Debug: ldap {
>> Wed Sep 13 17:58:36 2023 : Debug: server = "localhost"
>> Wed Sep 13 17:58:36 2023 : Debug: password = "some\\"word"
>
> That's wrong.
>
>> master:
>>
>> Wed Sep 13 18:27:41 2023: Debug : Loaded module rlm_ldap
>> Wed Sep 13 18:27:41 2023: Debug : ldap {
>> Wed Sep 13 18:27:41 2023: Debug : server = 'localhost'
>> Wed Sep 13 18:27:41 2023: Debug : password = "some\\\\\\"word"
>
> That's worse, I think.
>
> I'll take a look.
>
> My other tests showed the backslashes working as expected, so I'm not sure what's going on here.
>
> Alan DeKok.