From 4b59e2dcfbb59024e4991e9431f7eb8a35ce95d4 Mon Sep 17 00:00:00 2001 From: Paul Lettich Date: Fri, 20 Aug 2021 16:40:44 +0200 Subject: [PATCH] Fix encoding issues with passwords FreeRADIUS handles passwords as byte-strings. How the client or the plugin encode/decode these bytes is up to them. Some VPNs seem to use ISO-latin encoding, other UTF-8. With this fix we try to guess the encoding using a built-in perl module and decode it accordingly before URL-encoding it for privacyIDEA. --- privacyidea_radius.pm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/privacyidea_radius.pm b/privacyidea_radius.pm index bd1bb97..87be1c7 100644 --- a/privacyidea_radius.pm +++ b/privacyidea_radius.pm @@ -161,7 +161,7 @@ use Try::Tiny; use JSON; use Time::HiRes qw( gettimeofday tv_interval ); use URI::Encode; - +use Encode::Guess; # use ... # This is very important ! Without this script will not get the filled hashes from main. @@ -423,6 +423,15 @@ sub authenticate { my @p = split(/\0/, $password); $password = @p[0]; } + # Encode password + my $decoder = Encode::Guess->guess($password); + if ( ! ref($decoder) ) { + radiusd::radlog( Info, "Could not find valid password encoding. Sending password as-is." ); + radiusd::radlog( Debug, $decoder ); + } else { + &radiusd::radlog( Info, "Password encoding guessed: " . $decoder->name); + $password = $decoder->decode($password); + } $params{"pass"} = $password; } elsif ( $Config->{ADD_EMPTY_PASS} =~ /true/i ) { $params{"pass"} = "";