Notes on embedded zeros in passwords
authorAlan T. DeKok <aland@freeradius.org>
Mon, 30 Nov 2015 16:01:24 +0000 (11:01 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 30 Nov 2015 16:01:40 +0000 (11:01 -0500)
raddb/policy.d/filter
raddb/sites-available/default
src/main/xlat.c

index 31b12b5feb4ca63252e9ce117545383471015c20..7acf12f265cac8695715289d594d5b231a131937 100644 (file)
@@ -93,3 +93,19 @@ filter_username {
                reject
        }
 }
+
+#
+#      Filter the User-Password
+#
+#  Some equipment sends passwords with embedded zeros.
+#  This poliocy filters them out.
+#
+filter_password {
+       if (&User-Password &&
+          (&User-Password != "%{string:User-Password}")) {
+               update request {
+                       &Tmp-String-0 := "%{string:User-Password}"
+                       &User-Password := "%{string:Tmp-String-0}"
+               }
+        }
+}
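Review bot: The header comment on filter_password says the policy filters embedded zeros out, but `%{string:User-Password}` copies only up to the first zero byte (see the strlcpy branch in the src/main/xlat.c hunk of this commit), so everything after that byte is discarded, not just the zeros. For trailing padding that gives the intended password, but a value with a zero in the middle is then checked against its prefix only, which an operator enabling this should know. I would reword the comment line to `#  This policy truncates the password at the first zero byte.` (which also fixes the "poliocy" typo) and make the same point next to "This policy will fix it to just be "password"" in raddb/sites-available/default. The update block also replaces any existing `&Tmp-String-0` in the request via `:=`, which deserves a one-line comment.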
index e16363f12d3b8ba38a4c056dd09ffa9c2d5e7de1..84b34dcd3bf5ffacfc92bfcd97783c1bd2e98ca2 100644 (file)
@@ -261,6 +261,16 @@ authorize {
        #
        filter_username
 
+       #
+       #  Some broken equipment sends passwords with embedded zeros.
+       #  i.e. the debug output will show
+       #
+       #       User-Password = "password\000\000"
+       #
+       #  This policy will fix it to just be "password".
+       #
+#      filter_password
+
        #
        #  The preprocess module takes care of sanitizing some bizarre
        #  attributes in the request, and turning them into attributes
index 87c206fe40963081c7b54050efdf939e39d48af8..31410b06b2aaba1f64953afd30509cfe43522fdf 100644 (file)
@@ -623,6 +623,10 @@ static ssize_t xlat_string(UNUSED void *instance, REQUEST *request,
                len = fr_prints(out, outlen, (char const *) p, vp->vp_length, '"');
                break;
 
+               /*
+                *      Note that "%{string:...}" is NOT binary safe!
+                *      It is explicitly used to get rid of embedded zeros.
+                */
        case PW_TYPE_STRING:
                len = strlcpy(out, vp->vp_strvalue, outlen);
                break;
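Review bot: The new comment above `case PW_TYPE_STRING:` documents the truncation at embedded zeros but not what `len` holds afterwards. Under the usual strlcpy contract the return value is the full length of the source string, so `len` can be `>= outlen` when the value does not fit in `out`; whether this project's strlcpy follows that contract, and whether callers treat `len` as bytes written, is not visible here because xlat_string starts and ends outside the hunk. I would extend the comment with a line such as `*      The copy stops at the first zero byte; len is what strlcpy reports and may exceed what fit in out.` and confirm the caller handles that case.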