Fwd: (RADIATOR) Quoted and escaped password

talist at vif.com talist at vif.com
Wed Jun 27 16:51:13 CDT 2001


Mike,
Your suggestion of sending the password from AuthSQL::findUser is definitely
the most elegant way.  Unfortunately my Perl skills are a bit rusty, so I am
submitting an additional variable as a workaround.
I have added the variable "%K" which contains the same thing as "%P"
(decrypted password) but with ' or " characters replaced by a "?".

=======================
diff -o Util.pm Util.pm_original_2.18.1
65,66d64
<      'K', sub { return unless $packet; my $UnquotedPass =
$packet->decodedPassword();
<           $UnquotedPass =~ s/['"]/?/g; $UnquotedPass },
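Review bot: The substitution s/['"]/?/g in the new 'K' conversion rewrites the password instead of escaping it, so a password containing a quote reaches the database as a different string from the one the user sent, and other characters a database may treat specially, such as backslash, pass through untouched. The DBI quote function suggested elsewhere in this thread keeps the value intact; consider passing the quoted password in from the caller rather than adding a lossy conversion.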
323c321
<     $s =~
s/%([%abcCdDefghHijkKlLmMNopqQnPrRsStTUuvVyYz])/&{$conversions{$1}}()/egs;
---
>     $s =~
s/%([%abcCdDefghHijklLmMNopqQnPrRsStTUuvVyYz])/&{$conversions{$1}}()/egs;
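Review bot: The letter list in the character class on line 323 is a second, hand-maintained copy of the keys of %conversions, and the two can drift apart whenever a conversion is added or removed; consider building the class from the keys of %conversions so that adding 'K' is a one-line change. The diff was also taken with the modified file first, so the "<" lines are the new code; regenerating it with the original file first would let it apply with patch without reversing it.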
==========================



----- Original Message -----
From: "Mike McCauley" <mikem at open.com.au>
To: <talist at vif.com>
Cc: <radiator at open.com.au>; "Hugh Irvine" <hugh at open.com.au>
Sent: Wednesday, June 27, 2001 6:56 PM
Subject: Re: Fwd: (RADIATOR) Quoted and escaped password


> > >
> > >I would like to add the definition of a variable that would provide the
> > >quoted and escaped password returned from the NAS.
> > >Something similar to %0 (for username) but for returned passwords in the
> > >AuthSQL context.
> > >Could someone tell me where is the %0 defined in the radiator perl modules.
> > >The current %P (decrypted user password) is fine but my custom update query
> > >is failing whenever the dialin user is sending quotes.
>
> The replacement of %P is done by Radius::Util::format_special.
> %0, %1 etc is also replaced by Radius::Util::format_special, but with
> context-dependent data passed by the caller.
>
> It is usual to use the DBI quote function to quote and escape SQL strings.
> It would be possible for you to add another argument to the call to
> format_special in Radius::AuthSQL::findUser so that the quoted password was
> available as %1
>
> Hope that helps.
> Cheers.
>
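
The difference between replacing quote characters and the DBI quote function mentioned in the reply, as an added example that is not part of the original messages or of Radiator. `fill_query` is a hypothetical stand-in for the %0/%1 substitution, the table and column names are made up, and DBD::Sponge (bundled with DBI) is assumed only as a way to get a handle without a database server.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::Sponge ships with DBI and gives a handle with no server.
# It uses DBI's default quote(); real drivers apply their database's rules.
my $dbh = DBI->connect('dbi:Sponge:', '', '', { RaiseError => 1 });

# What the proposed %K conversion does: quote characters become "?".
sub replace_quotes {
    my ($pw) = @_;
    (my $out = $pw) =~ s/['"]/?/g;
    return $out;
}

# Hypothetical stand-in for positional substitution (%0, %1, ...).
sub fill_query {
    my ($template, @args) = @_;
    $template =~ s/%(\d)/defined $args[$1] ? $args[$1] : ''/ge;
    return $template;
}

# Decode a standard SQL string literal back to the value it stores.
sub literal_value {
    my ($lit) = @_;
    $lit =~ s/^'//;
    $lit =~ s/'$//;
    $lit =~ s/''/'/g;
    return $lit;
}

# Constructed sample passwords.
for my $pw ('plain', q{o'brien}, q{say"hi"}, q{it's "x"}) {
    my $k = replace_quotes($pw);
    my $q = $dbh->quote($pw);
    printf "password : %s\n", $pw;
    printf "  %%K     : %s (%s)\n", $k, $k eq $pw ? 'unchanged' : 'ALTERED';
    printf "  quote  : %s (%s)\n", $q,
        literal_value($q) eq $pw ? 'round-trips' : 'ALTERED';
    # Made-up table and columns; %0 is the user name, %1 the quoted password.
    printf "  query  : %s\n", fill_query(
        'update SUBSCRIBERS set LASTPASS=%1 where USERNAME=%0',
        $dbh->quote('alice'), $q);
}
```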


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

