On Apr 24, 2008, at 4:21 AM, Alan DeKok wrote:
Chris wrote:
gets me closer, but I have quoting issues:

expand: %{control:Tmp-String-1} -> ou\3daccounts\2cdc\3dviptalk\2cdc \3dnet

 Hmm... OK, to fix that you'll have to update the LDAP module.  Or,
ensure that the *dynamic* portions of the basedn don't contain '='.

Or any of these, for that matter:  ",+\"\\<>;*=()"

I guess the trick is fixing it (breaking it?) so this works without opening up any vectors for injection attacks. Would it be safe to exclude the "control" list from being escaped like this? It seems that only attributes in the request and proxy-request lists would be the real problems.

I am pretty sure I can accomplish this by limiting the dynamic portions of basedn and filter as suggested. Thanks.

I couldn't get anything to set the variable until I used an update
section.

 Which is what the documentation says.  "update sections updates an
attribute list".  Nothing else says that.

Would it have been so difficult to say "man unlang see update" instead of just "man unlang"? You spent more time complaining about the way I asked the question than it would have taken to answer it. ;)

Thanks again.
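
The escaping discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS's own code: it escapes the characters listed above as `\XX` hex pairs (the form seen in the debug output) and applies that only to the dynamic portion of a base DN, keeping the static suffix in configuration. The function names `escape_ldap_value` and `build_basedn` and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Characters listed in the thread as being escaped. */
static const char ESCAPE_SET[] = ",+\"\\<>;*=()";

/* Hypothetical helper: write src to out, replacing each character in
 * ESCAPE_SET with \XX (lowercase hex). Returns length, or -1 if out is
 * too small. */
int escape_ldap_value(const char *src, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t n = 0;

    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (strchr(ESCAPE_SET, c)) {
            if (n + 3 >= outlen) return -1;   /* 3 chars plus NUL */
            out[n++] = '\\';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0f];
        } else {
            if (n + 1 >= outlen) return -1;   /* 1 char plus NUL */
            out[n++] = (char)c;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical helper: only the dynamic value is escaped; the "ou=" prefix
 * and the suffix are static configuration and keep their '=' and ','. */
int build_basedn(const char *dynamic_ou, const char *suffix,
                 char *out, size_t outlen)
{
    char esc[256];
    int n;

    if (escape_ldap_value(dynamic_ou, esc, sizeof(esc)) < 0) return -1;
    n = snprintf(out, outlen, "ou=%s,%s", esc, suffix);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[256];
    /* Constructed input: a value that tries to add its own DN components. */
    if (build_basedn("a,ou=other", "dc=viptalk,dc=net", buf, sizeof(buf)) > 0)
        puts(buf);
    return 0;
}
```

Escaping a whole DN with the first helper reproduces the unusable result from the debug output, which is why the static parts have to stay outside the escaped value.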
