2:44 p.m.
Hi Christian,
I guess this was an this list a few weeks ago:
Fabian Mauchle wrote on 12/09/2019 15:54:
Regards
Helge
Hi
Christian,
On 12.09.19, 15:34, "radsecproxy on behalf of Christian Claveleira"
<radsecproxy-bounces(a)lists.nordu.net on behalf of
Christian.Claveleira(a)renater.fr> wrote:
it seems the content of the secret string is
interpreted when it
contains a "%" :
when a client (or server) declaration contains
secret fht8CD%E7am
it is interpreted as
getgenericconfig: block client xxxx.yyyyy: secret = fht8CDçam
One can see "%E7" is translated as the "ç" character.
This case is mentioned in the manpage radsecproxy.conf(5):
If you want to write a % and not use this decoding, you may of course
write % in hex; i.e., %25.
>
> Regards,
> Fabian
3 p.m.
Wiethoff, Helge wrote on 09/10/2019 16:44:
Hi Christian,
I guess this was an this list a few weeks ago:
not exactly. If you reread you'll see we take into account the translation of the
sequences "%hh" in the secret strings...
Christian
Fabian Mauchle wrote on 12/09/2019 15:54:
Regards
Helge
_______________________________________________
radsecproxy mailing list
radsecproxy(a)lists.nordu.net
https://lists.nordu.net/listinfo/radsecproxy
Hi
Christian,
On 12.09.19, 15:34, "radsecproxy on behalf of Christian Claveleira"
<radsecproxy-bounces(a)lists.nordu.net on behalf of
Christian.Claveleira(a)renater.fr> wrote:
it seems the content of the secret string
is interpreted when it
contains a "%" :
when a client (or server) declaration
contains
secret fht8CD%E7am
it is interpreted as
getgenericconfig: block client xxxx.yyyyy: secret = fht8CDçam
One can see "%E7" is translated as the "ç" character.
This case is mentioned in the manpage radsecproxy.conf(5):
If you want to write a % and not use this decoding, you may of course
write % in
hex; i.e., %25.
> Regards,
> Fabian 
11:14 a.m.
Hi Chistian,
On 09.10.19, 17:00, "radsecproxy on behalf of Christian Claveleira"
<radsecproxy-bounces(a)lists.nordu.net on behalf of Christian.Claveleira(a)renater.fr>
wrote:
>> when a client (or server) declaration
contains
>> secret fht8CD%E7am
>>
>> it is interpreted as
>> getgenericconfig: block client xxxx.yyyyy: secret = fht8CDçam
>>
>> One can see "%E7" is translated as the "ç" character.
This would indicate that the un-escaping is happening twice. I will check that.
BR,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, http://www.switch.ch
1:54 p.m.
Hi Christian,
On 16.10.19, 13:14, "radsecproxy on behalf of Fabian Mauchle"
<radsecproxy-bounces(a)lists.nordu.net on behalf of fabian.mauchle(a)switch.ch> wrote:
This would indicate that the un-escaping is happening twice. I will check that.
I've pushed a fix to this to master as well as the maint-1.8 branch
BR,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, http://www.switch.ch
10:20 a.m.
Fabian Mauchle wrote on 18/10/2019 15:54:
Hi Christian,
On 16.10.19, 13:14, "radsecproxy on behalf of Fabian Mauchle"
<radsecproxy-bounces(a)lists.nordu.net on behalf of fabian.mauchle(a)switch.ch> wrote:
This would indicate that the un-escaping is happening twice. I will check that.
I've pushed a fix to this to master as well as the maint-1.8 branch
Hi Fabian,
I've tested the maint-1.8 branch and now with "ght8CD%25E7am" set as secret
in the configuration, a radtest command with
"ght8CD%E7am" as secret string succeeds :-)
But radsecproxy debug traces show "block client localhost: secret =
ght8CD%25E7am" and not "ght8CD%E7am". Intended ?
Christian
BR,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, http://www.switch.ch
11:06 a.m.
Hi Christian,
On 22.10.19, 12:20, "Christian Claveleira"
<Christian.Claveleira(a)renater.fr> wrote:
I've tested the maint-1.8 branch and now with "ght8CD%25E7am" set as
secret in the configuration, a radtest command with
"ght8CD%E7am" as secret string succeeds :-)
Thanks!
But radsecproxy debug traces show "block client localhost: secret =
ght8CD%25E7am" and not "ght8CD%E7am". Intended ?
Yes. In this debug log lists the config as it is read. For secrets (and a few others)
unhexing is deferred to a later processing, as we need to deal with %00 which would
normally terminate (and thus cut off the rest) of the string.
BR,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, http://www.switch.ch
1912
days inactive
1925
days old
6 comments
3 participants
participants (3)
-
Christian Claveleira -
Fabian Mauchle -
Wiethoff, Helge